TERMS AND CONDITIONS FOR DOCTOR ACCESS TO LABORATORY RESULTS APPLICATION

A. INTERPRETATION

A.1. In this Agreement and in the annexes to this Agreement (other than documents/accounts prepared before the date of signature of this Agreement), unless the context indicates a contrary intention – clause headings are for convenience only and are not to be used in its interpretation.

A.2. an expression which denotes - any gender includes the other genders; a natural person includes a juristic person and vice versa; the singular includes the plural and vice versa.

B. DEFINITIONS

B.1. The following words and expressions bear the meanings assigned to them and cognate

expressions bear corresponding meanings;

A.1.1. “Laboratory” means the medical testing laboratory providing the Application and related

services.

A.1.2. “Doctor” means a registered medical practitioner authorised to access patient results

through the Application.

A.1.3. “Application” means the digital platform, software, mobile application, website, or related

service provided by the Laboratory for the purpose of delivering laboratory test results to

Doctors.

A.1.4. "Patient” means any individual whose biological specimen is tested by the Laboratory

and whose test results may be accessed by the Doctor through the Application.

A.1.5. “Personal Information” and “Processing” have the meanings assigned in the Protection

of Personal Information Act 4 of 2013 (“POPIA”).

A.1.6. Results” means any pathology, diagnostic, analytical, or related laboratory outcomes pro

vided to the Doctor.

A.1.7. “ Signature Date” means the day when the Doctor uses the application by logging in

and/or downloading the software.

A.1.8. “ NHA” means the National Health Act No 61 of 2003

A.1.9. “Specimen” means

A.1.10. “Responsible party” means the person or organisation that determines why and how per

sonal information is processed.

A.1.11. “ POPIA” means the Protection of Personal Information Act 4 of 2013

A.1.12. “Operator” means a person or organisation that processes personal information on behalf

of the responsible party.

A.1.13. “User” means is the Responsible Party for all Personal Information and Special Personal

Information processed by way of the App.

A.1.14. “Personal Information” and “Processing” bear the meanings assigned in POPIA.

A.1.15. “Sub-Operator” means a third party engaged by the Operator to process Personal

Information

A.1.16. “Categories of Information being processed” means Patient identifiers; Medical test

results; Diagnostic imaging or reports; Contact details of Medical Practitioners; Practice

information; Technical device information (IP address, logs, metadata).

A.1.17. “Parties” means Toga and the Medical Practitioner and “Party” means anyone of them

as the context may require or indicate;

A.1.18. “Toga Lab” means

A.1.19. “Special Personal Information” includes medical, biometric, and other sensitive patient

A.1.20. information.

A.1.21. “Data Subject” means any patient or individual whose Personal Information is

processed.

A.1.22. “Healthcare Practice” means any medical, allied health, diagnostic, or clinical

establishment using the Application.

B. any substantive provision conferring rights or imposing obligations on any party in the interpretation clause shall be given effect to as if it were a substantive provision in the body of the agreement.

C. words and expressions defined in any clause shall, unless the application of any such word or expression is specifically limited to that clause, bear the meaning assigned to such word or expression throughout this Agreement.

D. no provision of this Agreement or any related document shall be construed against or interpreted to the disadvantage of any party hereto by reason of such party having or being deemed to have structured or drafted such provision.

E. unless specifically otherwise provided, any number of days prescribed in this Agreement shall be determined by excluding the first and including the last day or, where the last day falls on a Saturday, Sunday or public holiday, the next succeeding business day.

F. a reference to any statutory enactment shall be construed as a reference to that enactment as at the Signature Date and as amended or re-enacted from time to time.

G. this Agreement incorporates the annexes which annexes shall have the same force and effect as if set out in the body of this Agreement. In this Agreement the word "Agreement" refers to this Agreement and the words "clause" or "clauses" and "annexed" or "annexes" refer to clauses of and annexes to this Agreement.

H. PREAMBLE

These Terms and Conditions govern the use of the Application (“the App”), which enables Medical Practitioners to receive, access, store, view, and manage patient information, including laboratory results, diagnostic reports, and related medical data. The App processes Special Personal Information as defined under the Protection of Personal Information Act 4 of 2013 (“POPIA”). By registering, accessing, or using the App, the User acknowledges that they are the user and/or responsible party under POPIA for all patient data processed through the App and that the Laboratory acts strictly as a POPIA Operator. These Terms incorporate a POPIA-compliant Operator Agreement and a full Privacy Notice.

NOW THEREFORE the parties agree as follows;

1. LEGALITY AND ENFORCEMENT

1.1. These Terms constitute a binding agreement between the Laboratory and the Doctor.

1.2. By registering for, accessing, or using the Application, the Doctor agrees to be bound by these Terms.

1.3. The Laboratory may amend these Terms at its discretion. Continued use of the Application constitutes acceptance of the amended Terms.

2. PURPOSE OF THE APPLICATION

2.1. The Application is provided solely to enable Doctors to access laboratory Results for the purpose of clinical assessment, diagnosis, treatment, and patient management.

2.2. The Application is not intended for use by patients or the general public.

2.3. The Laboratory provides Results strictly as diagnostic support and not as medical advice or clinical instruction.

2.4. The Laboratory does not provide medical advice, treatment recommendations, or clinical instructions.

3. DOCTOR’S WARRANTIES AND OBLIGATIONS

3.1. The Doctor warrants that they are duly registered with the Health Professions Council of South Africa (HPCSA) and legally authorised to receive, interpret, and act upon laboratory Results.

3.2. The Doctor is solely responsible for:

3.2.1. ensuring the accurate clinical interpretation of results;

3.2.2. verifying the identity and consent of patients;

3.2.3. maintaining compliance with POPIA and all applicable healthcare laws;

3.2.4. safeguarding login credentials, access codes, devices, and authentication mechanisms;

3.2.5. ensuring all subordinate staff accessing Results do so lawfully and under proper supervision.

3.2.6. maintaining strict confidentiality in accordance with POPIA, the National Health Act 61 of 2003 (“NHA”), and HPCSA ethical rules.

3.2.7. securing access credentials, devices, passwords, and authentication tools and;

3.2.8. preventing any unauthorised, negligent, or malicious access to the Application.

3.3. The Doctor must, in writing, notify the Laboratory immediately of any breach or suspected

breach of security.

4. LABORATORY’S OBLIGATIONS

4.1. The Laboratory shall exercise reasonable professional skill and care in the testing and preparation of Results.

4.2. The Laboratory provides no guarantee that the Application will operate without interruption, error, or security vulnerability.

4.3. The Laboratory shall implement reasonable technical and organisational measures to ensure uptime, data integrity, and secure processing of Personal Information.

4.4. The Laboratory reserves the right to restrict, suspend, or terminate access to the Application for security, legal compliance, maintenance, or misuse.

5. LIMITATION OF LIABILITY

5.1. To the maximum extent permitted by South African law, including the Consumer Protection Act 68 of 2008 (where applicable), the Laboratory shall not be liable for any:

5.1.1. indirect, consequential, incidental, or punitive damages;

5.1.2. misinterpretation of Results, clinical misjudgment, failure to diagnose, or wrongful treatment;

5.1.3. errors arising from specimen labelling, patient identification, collection, storage, or transport performed by third parties;

5.1.4. unauthorised access, loss, corruption, interception, or distribution of Results due to the Doctor’s negligence, device insecurity, or misuse of credentials;

5.1.5. delays or failures in delivery of Results via the Application;

5.1.6. reliance by the Doctor on outdated or previously withdrawn Results.

5.2. The Laboratory’s total liability arising from any claim shall not exceed the cost of the fee charged for the specific test giving rise to the claim.

5.3. Nothing herein excludes liability where exclusion is prohibited by law.

5.4. Liability for direct damages is limited to fees paid in the preceding 12 months.

6. INDEMNITY

6.1. The Doctor indemnifies, defends, and holds the Laboratory harmless against all claims, losses, damages, penalties, disciplinary sanctions, legal actions, or liabilities arising from:

6.1.1. any clinical decision, diagnosis, treatment, or omission by the Doctor;

6.1.2. any breach of POPIA, the NHA, or confidentiality obligations by the Doctor or their authorised personnel;

6.1.3. unauthorised access to the Application using the Doctor’s credentials;

6.1.4. inaccurate Patient information provided by the Doctor or their practice;

6.1.5. defamation, misconduct, or negligence associated with the Doctor’s use of Results and;

6.1.6. corruption, loss, or improper use of data arising from the Doctor’s systems or

networks.

6.2. This indemnity applies to claims raised by patients, family members, regulators, third parties, medical schemes, or law enforcement authorities.

7. DATA PROTECTION AND CONFIDENTIALITY

7.1. The Laboratory shall take reasonable measures to protect Personal Information in accordance with POPIA.

7.2. The Doctor acknowledges their independent responsibilities under POPIA as a Responsible Party.

7.3. The Doctor must not store, transmit, or distribute Results except as required for legitimate medical purposes.

7.4. Results may not be downloaded, reproduced, transmitted, or stored except where clinically necessary and lawful.

7.5. The Doctor must implement appropriate technical and organisational safeguards to protect Patient information accessed via the Application.

7.6. The parties shall treat as strictly secret and confidential the existence and nature of all discussions and negotiations relating to the subject matter of this agreement, it being agreed and undertaken by both parties that the discussions held and to be held between them, this Agreement, its existence and its terms and conditions are not to be disclosed, directly or indirectly to any person without the consent of the other party prior to the effective date, without the prior written consent of this other party, which consent shall not unreasonably be withheld, be disclosed to any third person other than in terms of any order of a Court of competent jurisdiction which shall have directed it, or as may be required by law.

7.7. Each party shall take or cause to be taken such reasonable precautions as may be necessary to prevent the disclosure of any information and date made available or obtained from the Application which are not a matter of public knowledge or lawfully available from any other source.

7.8. Only the Doctor and authorised medical personnel under the Doctor’s supervision, who require access to Personal Information for patient care, may access such information. The Doctor remains responsible for ensuring that any authorised personnel comply with the obligations contained in this agreement.

7.9. The parties must keep confidential and not disclose to any third party the terms of this Agreement, the results and any information relating to each other’s technical process, business affairs of finances, know-how and intellectual property acquired in connection with this agreement. Should the Doctor be required by the law to disclose such information, it must inform in writing the Laboratory within a reasonable time.

7.10. The clause shall continue to be binding on the parties notwithstanding any termination or

cancellation of this Agreement or any part thereof.

8. ACCESS CONTROL AND SECURITY

8.1. The Laboratory may implement multi-factor authentication, identity verification, encryption, and monitoring technologies.

8.2. The Laboratory may immediately suspend access upon reasonable suspicion of:

8.2.1. security breaches;

8.2.2. unauthorised access;

8.2.3. misuse or misconduct and;

8.2.4. regulatory risks.

8.3. Any unlawful access may be reported to law enforcement and the HPCSA.

9. INTELLECTUAL PROPERTY

9.1. All intellectual property in the Application remains the exclusive property of the Laboratory.

9.2. The Doctor receives a limited, non-transferable, revocable license to use the Application solely for clinical purposes.

10. PROHIBITED CONDUCT

10.1. The Doctor may not:

10.1.1. reverse-engineer, copy, or reproduce any component of the Application;

10.1.2. use the Application for non-clinical, commercial, or research purposes without

written consent;

10.1.3. allow Patients direct access to the Application.

10.1.4. Breach of this clause may result in civil action, reporting to the HPCSA, or criminal

charges where applicable.

11. ACCURACY, VALIDITY, AND INTERPRETATION OF RESULTS

11.1. Results are based on specimens received under the conditions submitted and accepted for

processing.

11.2. The Laboratory is not responsible for:

11.2.1. improper specimen collection, labelling, or transport;

11.2.2. degradation of specimens prior to receipt;

11.2.3. misidentification of Patients or samples.

11.3. The Doctor retains full and exclusive responsibility for interpretation and clinical decisions.

11.4. The Laboratory is not responsible for pre-analytical errors, specimen degradation, or

incorrect patient identifiers supplied by the Doctor.

11.5. Interpretation remains solely the Doctor’s responsibility.

12. SUSPENSION AND/OR TERMINATION

12.1. The Laboratory may suspend or terminate access at any time where required for:

12.1.1. system maintenance or upgrades;

12.1.2. legal compliance;

12.1.3. investigation of misconduct;

12.1.4. protection of Patient information;

12.1.5. breach of these Terms.

12.2. Upon termination, the Doctor must cease all use of the Application and ensure the lawful

retention or destruction of any stored Results.

This POPIA Operator Agreement (“Agreement”) is concluded between: The Responsible Party, as defined in the main Terms and Conditions; and The Operator, being the Client identified in the main Terms and Conditions.

The Parties agree as follows:

13. PURPOSE AND SCOPE

13.1. This Agreement governs the processing of Personal Information by the Operator on behalf

of the Responsible Party under POPIA.

13.2. The Operator shall process Personal Information only:

13.2.1. in accordance with the Responsible Party’s documented and

lawful instructions, and;

13.2.2. as required for performance of the main Terms and Conditions.

13.3. Where the Operator reasonably believes that an instruction infringes POPIA, it shall notify

the Responsible Party so the Parties may resolve the issue jointly.

14. GENERAL OBLIGATIONS OF THE PARTIES

14.1. Operator Obligations

The Operator shall:

14.1.1. implement appropriate security measures;

14.1.2. ensure confidentiality of personnel;

14.1.3. notify the Responsible Party of any security compromise;

14.1.4. assist the Responsible Party where reasonably required to comply with POPIA.

14.2. Responsible Party Obligations

The Responsible Party shall:

14.2.1. provide lawful, documented, and clear instructions;

14.2.2. ensure it has a valid legal basis for collecting Personal Information;

14.2.3. ensure that Personal Information it provides is accurate and relevant;

14.2.4. not require the Operator to take any action that would breach applicable law.

14.3. Shared Responsibilities

14.3.1. Co-operate in good faith on compliance matters,

14.3.2. maintain records required under POPIA, and

14.3.3. implement reasonable measures to prevent unauthorised access or misuse.

15. SECURITY SAFEGUARDS

15.1. The Operator shall implement appropriate and reasonable technical and organisational

security measures, considering:

15.1.1. the nature of the information;

15.1.2. the risks associated with processing;

15.1.3. industry standards; and

15.1.4. the resources available to the Operator.

15.2. The Responsible Party shall implement its own security measures for all Personal

Information in its possession and control.

15.3. The Parties shall notify one another of any significant new risks or vulnerabilities that may

affect compliance.

15.4. The Operator must implement safeguards equivalent to South African laboratory

information systems, including encryption in transit and at rest; multi-factor administrative

access controls; regular penetration testing; strict staff confidentiality agreements.

16. USER ELIGIBILITY AND PROFESSIONAL RESPONSIBILITY

16.1. The User warrants that they are a licensed Medical Practitioner or authorised healthcare

professional.

16.2. The User is solely responsible for:

16.2.1. verifying laboratory or diagnostic results before medical interpretation,

16.2.2. clinical decision-making,

16.2.3. ensuring patient consent where required,

16.2.4. ensuring that all patient data provided through the App is accurate and lawful to

process.

17. SECURITY COMPROMISE

17.1. If either Party becomes aware of a security compromise, it shall notify the other Party

without undue delay.

17.2. The Parties shall cooperate reasonably and proportionately in investigating, mitigating,

and remedying the compromise.

17.3. Each Party shall bear its own costs unless the compromise is caused by the wrongful

or negligent act of one Party, in which case liability is allocated in terms of clause 6.

17.4. The Responsible Party remains legally responsible for notifying the Information Regulator

and affected Data Subjects unless delegated contractually.

18. SUB-OPERATORS

18.1. The Operator may appoint Sub-Operators with the prior written approval of the

Responsible Party, which approval may not be unreasonably withheld or delayed.

18.2. The Operator shall ensure Sub-Operators are bound by obligations substantially

similar to those in this Agreement.

18.3. The Operator remains responsible for the actions of approved Sub-Operators to the extent

such actions relate to obligations delegated to them.

19. CROSS-BORDER TRANSFERS

19.1. The Operator shall not transfer Personal Information cross-border without:

19.1.1. the Responsible Party’s written authorisation (not to be unreasonably

withheld) and;

19.1.2. ensuring that the receiving country, organisation, or mechanism meets POPIA’s

requirements.

19.2. Where the Responsible Party instructs the Operator to transfer information, the

Responsible Party warrants that such transfer complies with POPIA.

20. AUDIT AND INSPECTION

20.1. The Responsible Party may, on reasonable notice, request information demonstrating the

Operator’s compliance.

20.2. Formal audits may be conducted only where:

20.2.1. required by law; or

20.2.2. there is a reasonable and written evidenced suspicion of non-compliance.

20.3. Audits shall:

20.3.1. be conducted during business hours;

20.3.2. not unreasonably disrupt operations;

20.3.3. respect the Operator’s confidentiality and proprietary information; and

20.3.4. be at the Responsible Party’s cost unless material non-compliance is discovered.

20.3.5. exclude all proprietary code, trade secrets, or unrelated confidential information.

21. RETURN OR DESTRUCTION OF PERSONAL INFORMATION

21.1. Upon termination of the main Terms and Conditions, the Operator shall:

21.1.1. return or securely destroy Personal Information as instructed, unless

retention is required by law; and

21.1.2. certify the completion of such measures.

21.2. The Responsible Party shall ensure it provides clear and lawful instructions for destruction

or return.

22. WARRANTIES

22.1. The Operator warrants that it:

22.1.1. will comply with POPIA as applicable;

22.1.2. has implemented reasonable security safeguards;

22.1.3. will process Personal Information only as permitted by this Agreement.

22.2. Responsible Party warrants that:

22.2.1. it has a lawful basis for all Personal Information provided;

22.2.2. Personal Information is not unlawfully collected or excessive;

22.2.3. its instructions comply with POPIA.

23. PRIVACY NOTICE

23.1. This Privacy Notice sets out the manner in which Personal Information and Special Personal

Information of Data Subjects is collected, used, processed, stored, retained, and

safeguarded through the Application.

23.2. This Notice further describes the legal rights of Data Subjects and the respective

responsibilities of the Healthcare Practice and the Developer in relation to the lawful handling

of such information.

23.3. All processing activities are undertaken with the objective of ensuring full compliance with

applicable legislation and recognised ethical obligations, and with due regard to the

confidentiality inherent in healthcare related information.

23.4. All Personal Information and Special Personal Information processed through the

Application shall be handled strictly in accordance with the requirements of the Protection of Personal Information Act 4 of 2013 (“POPIA”), the National Health Act 61 of 2003 (“NHA”), any applicable regulations issued under such statutes, and any relevant rules, ethical standards, or professional obligations imposed by the Health Professions Council of South Africa (“HPCSA”).

23.5. Where the Application is used in a context that gives rise to additional statutory obligations,

those obligations shall similarly apply to all processing activities.

23.6. INFORMATION COLLECTED

23.6.1. The Application may collect, generate, or process the following categories of

Personal Information and Special Personal Information in the ordinary course of

its operation:

23.6.1.1. Identifying, demographic, or contact particulars of Data Subjects,

including names, identification numbers, physical and electronic

addresses, and telephone numbers.

23.6.1.2. Health-related and clinical information, including medical records,

diagnostic findings, clinical notes, test results, prescriptions, medication histories, and any other information necessary for healthcare provision.

23.6.1.3. Administrative, billing, and financial information, including account

details, medical scheme information, and records relating to claims processing or reimbursement.

23.6.1.4. Information voluntarily provided by the User, uploaded by authorised

personnel, or obtained via secure integration with external systems,

platforms, or healthcare services.

23.7. PURPOSE OF PROCESSING

23.7.1. Personal Information and Special Personal Information shall be processed

solely for lawful, legitimate, and explicitly defined purposes, including:

23.7.1.1. the provision of medical care, diagnosis, treatment, continuity of care,

and related healthcare services;

23.7.1.2. the creation, maintenance, and management of patient records and

clinical documentation;

23.7.1.3. communication with Data Subjects for health-related purposes,

including appointment scheduling, treatment-related notifications, and follow-up care;

23.7.1.4. billing administration, claims submissions, verification of benefits, and

other funding-related functions;

23.7.1.5. compliance with statutory, regulatory, or professional obligations,

including mandatory reporting requirements;

23.7.1.6. system administration, security monitoring, operational maintenance,

performance optimisation, and improvement of the Application.

23.8. LAWFUL BASIS FOR PROCESSING

23.8.1. The processing of Personal Information and Special Personal Information may

be undertaken on one or more of the following lawful bases:

23.8.1.1. the explicit, voluntary, and informed consent of the Data Subject, where

required under POPIA;

23.8.1.2. the necessity of such processing for the purpose of providing

healthcare services or medical treatment to the Data Subject;

23.8.1.3. the fulfilment of legal obligations imposed on the Healthcare Practice or

any healthcare professional making use of the Application and;

23.8.1.4. the legitimate interests of the Healthcare Practice, to the extent that

such interests are recognised under POPIA and do not unlawfully

infringe upon the rights of the Data Subject.

23.9. STORAGE, SECURITY, AND SAFEGUARDS

23.9.1. All Personal Information and Special Personal Information shall be stored using appropriate, reasonable, and industry aligned technical and organisational security measures designed to prevent loss, unauthorised access, unlawful disclosure, or improper alteration.

23.9.2. Access to Personal Information shall be strictly limited to authorised Users who require such access for lawful and legitimate processing purposes.

23.9.3. The Developer may implement additional security mechanisms, including encryption protocols, secure transmission methods, authentication controls, intrusion detection measures, and system level safeguards, in order to ensure compliance with POPIA’s security requirements and to maintain the integrity of the Application.

23.10. SHARING AND DISCLOSURE

23.10.1. Personal Information and Special Personal Information shall not be disclosed to any third party except where such disclosure is lawful, necessary, and consistent with the purposes outlined in this Notice. Such disclosures may include:

23.10.1.1. treating healthcare professionals who require access for purposes of diagnosis,

treatment, or continuity of care;

23.10.1.2. pathology laboratories, pharmacies, or other healthcare service providers

involved in the treatment or management of the Data Subject;

23.10.1.3. medical schemes, insurers, or authorised funding entities for the purposes of

benefit verification, billing, or claims administration;

23.10.1.4. regulatory authorities, courts, tribunals, or law enforcement agencies where

disclosure is required by law or pursuant to a valid legal process.

23.11. RETENTION AND DEVELOPER RECORD-KEEPING

23.11.1. All clinical records and medical information shall be retained by the Healthcare Practice or User in accordance with the retention periods prescribed by the National Health Act, the associated regulations, and the relevant HPCSA ethical rules, including any minimum statutory retention period for health records.

23.11.2. The Developer may maintain system generated logs, audit trails, security records, and technical metadata strictly for operational, security, diagnostic, or compliance purposes.

23.11.3. Such records shall be retained only for as long as is reasonably necessary to fulfil these legitimate functions, to comply with applicable legal obligations, or to enforce or defend legal rights, after which such records shall be securely deleted or anonymised in accordance with POPIA.

23.12. DATA SUBJECT RIGHTS

Data Subjects are entitled, subject to applicable law and any lawful limitations, to exercise the following rights:

23.12.1. the right of access to Personal Information held about them;

23.12.2. the right to request the correction, updating, or rectification of any inaccurate or incomplete information;

23.12.3. the right to object to certain forms of processing, including processing undertaken on the basis of legitimate interests, where such objection is permitted by law;

23.12.4. the right to lodge a complaint with the Information Regulator of South Africa should they believe that their Personal Information has been processed in a manner inconsistent with POPIA.

23.13. CONTACT AND COMPLAINTS

23.13.1. Any inquiries, requests, or concerns relating to the processing of Personal Information through the Application should be directed to the Laboratory or Healthcare Practice using the contact details provided within the Application.

23.13.2. Data Subjects may also submit complaints directly to the Information Regulator of South Africa should they consider that the handling of their Personal Information contravenes applicable data-protection laws.

24. DISPUTE RESOLUTION

24.1. Amicable Consultation

24.1.1. If any dispute, disagreement, or claim of any nature arises between the Parties in connection with this Agreement, including its interpretation, performance, breach, or termination, the Parties shall promptly attempt to resolve the matter through good-faith negotiations.

24.1.2. Each Party shall designate a representative with decision-making authority to engage in these discussions.

24.1.3. The Parties must use their best efforts to settle the dispute through mutual consultation within ten (10) days from the date on which either Party notifies the other in writing of the existence of the dispute.

24.2. Referral to Mediation

24.2.1. If the Parties are unable to resolve the dispute through amicable consultation within the time period specified in clause 24.1.3, they may, by mutual agreement, refer the dispute to voluntary mediation before proceeding to arbitration.

24.2.2. The mediator shall be jointly selected by the Parties with not less than 5 (five) years of experience as an accredited mediator, and the mediation process shall be conducted in accordance with the rules of the Arbitration Foundation of Southern Africa (AFSA) or another recognised Mediation Organisation agreed upon in writing.

24.2.3. Mediation shall not exceed ten (10) days, unless the Parties agree otherwise.

24.2.4. Parties shall follow the rules and guidelines as outlined in the Gauteng Practice Directive or any Mediation legislation thereafter.

24.3. Arbitration

24.3.1. If the Parties fail to resolve the dispute through amicable mediation within the periods described above, either Party may serve written notice on the other Party of its intention to refer the dispute to binding arbitration.

24.3.2. The arbitration shall be conducted in accordance with the rules of the Arbitration Foundation of Southern Africa (AFSA), by an arbitrator or panel of arbitrators appointed by AFSA with not less than 10 (ten) years of experience as an Arbitrator.

24.4. Finality and Binding Nature

The decision or award of the arbitrator(s) shall be final, binding on the Parties, and capable of being made an order of court upon application by either Party.

24.5. Costs of Arbitration

Unless otherwise determined by the arbitrator(s), the costs of the arbitration—including the fees of the arbitrator(s), administrative fees, and the Parties’ legal costs—shall be borne by the Parties in proportion to the arbitrator’s award or in such manner as the arbitrator(s) deem just and equitable.

24.6. Continuation of Obligations

During the dispute-resolution process, the Parties shall continue performing their respective obligations under this Agreement to the extent reasonably possible, except in matters directly affected by the dispute.

24.7. Urgent or Interim Relief

Nothing in this clause shall prevent either Party from approaching a court of competent jurisdiction for urgent or interim relief where such relief is necessary to protect its rights pending the outcome of arbitration.

25. TERMINATION

Either party may terminate this Agreement upon 10 (ten) days written notice to the other. It is contemplated that, upon termination, either: (a) neither party would make further disclosures of Confidential Information to the other, or (b) a superseding Non-Disclosure Agreement would be executed.

26. GOVERNING LAW AND JURISDICTION

26.1. These Terms are governed by the laws of the Republic of South Africa.

26.2. Any dispute arising from these Terms shall be subject to the exclusive jurisdiction of the High Court

of South Africa.

27. NOTICES

27.1. Formal notices must be delivered in writing to the parties’ designated email or physical address as

indicated in the XXXXX.

27.2. Notices by the Laboratory may be delivered electronically through the Application.

28. SEVERABILITY

28.1. If any provision of these Terms is found invalid or unenforceable, the remaining provisions shall

remain in full force.

29. GENERAL

29.1. This Agreement constitutes the whole of the agreement between the Parties relating to the matters

dealt with herein and, save to the extent otherwise provided herein, no undertaking, representation,

term or condition relating to the subject matter of this Agreement not incorporated in this Agreement

shall be binding on either of the Parties.

29.2. No addition to or variation, deletion, or agreed cancellation of any and all clauses or provisions of

this Agreement will be of any force or effect unless in writing and signed by the Parties.

29.3. No waiver of any of the terms and conditions of this Agreement will be binding or effectual for any

purpose unless in writing and signed by the Party giving the same. Any such waiver will be effective only in the specific instance and for the purpose given. Failure or delay on the part of either Party in exercising any right, power or privilege hereunder will not constitute or be deemed to be a waiver thereof, nor will any single or partial exercise of any right, power or privilege preclude any other or further exercise thereof or the exercise of any other right, power or privilege.

29.4. All provisions and the various clauses of this Agreement are, notwithstanding the manner in which

they have been grouped together or linked grammatically, severable from each other. Any provision or clause of this Agreement which is or becomes unenforceable in any jurisdiction, whether due to voidness, invalidity, illegality, unlawfulness or for any other reason whatever, shall, in such jurisdiction only and only to the extent that it is so unenforceable, be treated as pro non scripto and the remaining provisions and clauses of this Agreement shall remain of full force and effect. The Parties declare that it is their intention that this Agreement would be executed without such unenforceable provision if they were aware of such unenforceability at the time of execution hereof.

29.5. Neither this Agreement nor any part, share or interest herein nor any rights or obligations hereunder

may be ceded, delegated or assigned by either Party without the prior written consent of the other Party.

29.6. Any consent or approval required to be given by either Party in terms of this Agreement will, unless

specifically, otherwise stated, not be unreasonably withheld.