Data Protection Protocol. Table A – Processing, Personal Data and Data Subjects Description Details Subject matter of the Processing To use the DSC/VHC Software, You the business will be required to qualify your Consumer with regards to using their Personal data in Our DSC/VHC Site for processing a DSC/VHC for them. Duration of the Processing The period is valid whilst this DSC/VHC SAAS Licence Agreement is in place and DSC/VHC SAAS Licence Subscriptions are being paid. Nature and purposes of the Processing The purpose of processing the data is to allow You to undertake Visual Health Checks on your Consumers vehicles. The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means). Description Details Type of Personal Data We and, or Our Associate Business Development Managers (BDM) on Your request will be the Data Controllers responsible for entering YOUR business name, address, business telephone number and email address, any personal names, logins and passwords used in conjunction with the related DSC/VHC software. The contact data is related to your business for email and phone number so only the names, logins and passwords (which are encrypted) are classed as personal data. You as the business may elect to control your own logins and passwords to provide access to your own staff the Authorised Users. YOUR business Authorised Users are the Data Controllers when entering YOUR Consumers data into the DSC/VHC Software with the Consumers agreement. Data entered for Consumers by YOU is the Consumers name, mobile number and, or email address, vehicle type and model, vehicle registration, vehicle VIN number. You may have made an agreement with a 3rd party provider to integrate this data directly into the DSC/VHC Software and YOU will be responsible to ensure they have the relevant data protection in place and as required. Categories of Data Subject Your business data, Staff data and Your Consumers data as described above and in the Privacy Statement. Plan for anonymising and destruction of the data once the Processing is complete UNLESS there is a requirement under union or member state law to preserve that type of data The data shall be kept for a period of 12 months after termination of the DSC/VHC SA...
Data Protection Protocol. Standard Protocol: In order to protect the data from unauthorized access, disclosure or use, USHE shall (1) limit access to the data to only employees of USHE who have legitimate interest in the requested purpose and use specified in USHE’s Data Request form; (2) make no further disclosure of or access to the data, and (3) properly destroy of the data within 30 days after the completion of any data accumulation using secure erasure technologies.
Data Protection Protocol. 1.1 The Parties have agreed the following derogations from the clauses at Schedule 3 of the Framework as being changes needed to reflect of the nature and circumstances of the arrangements provided for within the Contract between them: TO BE INSERTED AS APPENDIX 2 TO SCHEDULE 3 OF THE CONTRACT DATA SHARING AGREEMENT
Data Protection Protocol. 1 Table A – Processing, Personal Data and Data Subjects Description Details Subject matter of the Processing Any and all data held in or temporarily generated by the clinical systems supported by the GPintheCloud service as part of the operation of the clinical system. Duration of the Processing This agreement will commence on <<Today>> and be in place for the duration of the service. The processing is not occasional. Nature and purposes of the Processing The purpose of the processing is solely to provide the mechanism over which supported clinical systems can be viewed remotely by persons authorised and controlled by the respective data controller. Delt Shared Servies Ltd. will have no access to the clinical system data, which remains under the control of its respective data controller. Depending on the operation of a clinical system for which the data controller has provided access, temporary files may be generated in the virtual machine. Delt Shared Services Ltd will not access or attempt to access this data, unless instructed by the Practice. Type of Personal Data The following data will be viewed via GPintheCloud for Locums to provide direct care to the practice’s registered patients direct: ● Name ● Address ● Data of birth ● NHS number ● Healthcare information (as documented in the clinical record) ● Family, lifestyle and social circumstances ● Religious or other beliefs of a similar nature ● Physical or mental health conditions ● Information relating to sexual health or orientation The following data will be pulled from the Clinical System regarding employees (who have entered into the patient’s record): ● Name ● Job Title Categories of Data Subject Patient data – this will be specifically for patients registered with the practice who are being seen by the Locum via GPintheCloud. Employee’s data – All employees who work within the practice and contribute to the practice’s clinical system. This could be employees who work for the practice permanently (such as Clinicians or Administrators) or on an ad hoc basis (such as Locums). Plan for return and Any temporary files generated by the clinical data system that the clinical destruction of the data once the Processing is data system does not also dispose of will be deleted at the end of the virtual machines lifespan (not more than 30 days). complete UNLESS requirement under union or member state law to preserve that type of data
Data Protection Protocol. Table A –
Data Protection Protocol. Key points: anonymous data, informed consent, secondary use The three key points that we have taken into consideration in the development of neuGRID Data protection protocol relate to: - the notion of anonymous data; - the requirement of subjects’ informed consent; - the secondary use of data.
Data Protection Protocol. Two possible scenarios It is possible to foresee two main scenarios for the neuGRID e-infrastructure:
Data Protection Protocol. Open issue: subjects’ capacity to give informed consent In the health field, informed consent is a fundamental ethical requirement in order to guarantee the principle of respect for the autonomy of human beings and to safeguard patients’ right to self- determination. When treatment and research involve persons who may be cognitively impaired, such as those with Alzheimer’s disease, competence assessment is an important task for physicians and researchers and, indeed, is subject to specific legislation in some EU member states. In the development of a protocol for data protection, we are dealing specifically with informed consent to the processing of particularly sensitive personal data, and not with the more general issue of informed consent for participation in a clinical trial. Our suggestion is that in the evaluation of any given subject’s competence to give consent to their enrolment in the clinical trial, researchers explore also the subject’s understanding of the aspects related to the processing of clinical data. Nevertheless, the hypothesis is that subjects competent to give informed consent for the participation in the clinical trial are also competent to give consent for the processing of personal data. In case of subjects not fully competent to give informed consent, rigorous protective measures should be set up, conformant with local regulatory frameworks where applicable.
Data Protection Protocol. The definitions and interpretative provisions at clause 1 of this contract shall also apply to this Protocol. Additionally, in this Protocol the following words shall have the following meanings unless the context requires otherwise:
