GALEAS™ Software Services Terms of Use

Version 1.3 0 last updated 8 March 2024

(A) ‘Customer’ means the person or entity who has agreed to these Terms of Use.

(B) ‘Nonacus’ means Nonacus Limited, a company incorporated in England and Wales with registered number 9590278 whose registered office is at Unit 5, Quinton Business Park, 11 Ridgeway, Quinton, Birmingham, B32 1AF. ‘Nonacus Affiliate’ means Informed Genomics Limited, a company incorporated in England and Wales with registered number 13082290.

(C) Nonacus has developed certain proprietary software (GALEAS™ analysis software) which it makes available to Customer (Subscriber) through remote access to the Cloud together with hot/cold Cloud storage (together referred to as ‘GALEAS Software Services’), upon Customer’s purchase of the GALEAS reagent kit.

(D) Customer has purchased the GALEAS reagent kits either directly from Nonacus or via an approved reseller and now wishes to access and use the GALEAS Software Services in its business operations.

(E) Nonacus has agreed to provide and Customer has agreed to use GALEAS Software Services subject to these ‘Terms of Use’.

(F) Contradictory terms and conditions proposed by Customer will not be binding on Nonacus.

(G) Notwithstanding the above, where Nonacus has executed a written agreement in connection with the Customer’s access and use of GALEAS Software Services (‘Alternative Agreement’) which does not make reference to or explicitly excludes these ‘Terms of Use’, then the access to and use of GALEAS Software Services shall be solely governed and controlled by this Alternative Agreement.

Appendix 1 – Data Processing Particulars

A) Customer Patient Data

Customer may submit Customer Patient Data for upload to the Cloud, the extent of which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of data:

  • Genetic information and other health information (BAM files, FASTQ files, VCF files, text files containing genetic information)
  • Racial or ethnic origin

To the extent permitted under Local Privacy Laws and relevant patient consents, Customer may also upload Direct Identifiers, including but not limited to:

  • patient name
  • date of birth
  • specific information about physical health information

To the extent that Customer Patient Data constitutes Personal (Special Category) Data (as defined by applicable Data Protection Laws), such data will be processed by Nonacus as a Processor (and its Sub-Processors, as appointed in accordance with these Terms of Use).

Nonacus may not process Customer Patient Data for patients under the age of 18. Please confirm with a member of the customer support team.

B) Customer Personal Data

The following Customer Personal Data will be processed by Nonacus as an independent Controller for the purposes of communicating with the Customer and administering the services:

  • Contact information (company name, company email, company phone number, physical business address)
  • Internet protocol address (IP address)

APPENDIX 2 – Technical and Organisational Measures

The below provides a (non-exhaustive) list of the high-level, minimum security requirements that Nonacus implements as part of its “technical and organisational measures”

Security ControlDescription
Access Control ManagementProcesses designed to ensure that access to information, systems and applications is restricted to authorised users and is granted in accordance with “Need-To-Know” and “Least-Privilege” principles.
Data/Media DestructionProcesses designed to ensure that access to data on media is rendered unlikely for a given effort via different actions such as clear, purge and destroy.

On a case-by-case basis, the correct method of destruction is chosen so as to ensure the desired outcome.
Acceptable UseProcesses designed to ensure acceptable use of electronic devices and network resources.

Computer devices, networks and other electronic information systems need to be managed in order to ensure confidentiality, integrity and availability of information assets.
Monitoring and LoggingProcesses which ensure that all systems are designed and configured to generate and store security logs.
EncryptionUnless technically infeasible or impractical, all private, confidential and regulated information shall be encrypted at rest and in transit according to industry best-practices.
Back-up and ContinuityProcesses designed to ensure that information is backed up according to business, legal and regulatory requirements and taking into account the potential loss of the specific type of information.
Software Development Lifecycle (SDLC)Processes designed to ensure that security software development practices are used at all times.
Vulnerability ManagementProcesses designed to ensure that vulnerabilities identified in critical information systems are assessed and remediated in a timely manner.
User PasswordProcesses designed to ensure industry standard password complexity.
Physical ControlsProcesses designed to implement facility access controls and to ensure workstation, device and information assets’ security.

Appendix 3 - Cloud Credit Table

GALEAS Bladder kit(s)Software Product CodeCloud Credits
96 reactions96 x NGS_GAL_GBA_196 Cloud Credits
GALEAS Tumor kit(s)Software Product CodeCloud Credits
16 reactions16 x NGS_GAL_GTA16 Cloud Credits
96 reactions96 x NGS_GAL_GTA96 Cloud Credits
GALEAS Hereditary Plus kit(s)Software Product CodeCloud Credits
16 reactions16 x NGS_GAL_GHPA16 Cloud Credits
96 reactions96 x NGS_GAL_GHPA96 Cloud Credits