Common use of Controller and Processor Clause in Contracts

Controller and Processor. The Recipient will act as sole controller and processor of data in this registry. Fully anonymized data of donor and recipient pre-, peri-operative characteristics, and postoperative outcomes are collected by the provider. The provider certifies that the Study Data shall be provided in a coded de-identified fashion. Under no circumstances shall Provider provide Recipient with the name, address, social security number, or any other identifier or protected health information (collectively, “PHI”) which would permit Recipient to identify the research subjects from whom such Study Data was collected. Detailed items of collected data are subsummised in the attached Case Report Forms (CRF). There will be no surgeon, or center related data reporting, all data will be fully anonymized. All data collected, processed, and stored for the purpose of the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ project will remain confidential and comply with Good Clinical Practice for research (GCP) guidelines and the principles of the Data Protection Act 1998 (UK). The registry protocol is available at ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ along with patient information leaflets. All analyses and results will be published in peer reviewed journals with open access. All involved with ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ will receive PubMed cited group authorship. Social media and email communication will be used for communication and dissemination of information. Data submitted are anonymized prior to submission to the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ data entry system in compliance with Article 45 of the GDPR. Access to the data entry system will be protected by username and password during the registration process for individual local investigators. All electronic data transfer between participating centers and the coordinating centers will be encrypted using SSL/TLS protocol (HTTPS). The ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ platform is protected by additional web security software that monitors, identified and mitigates threats, prevents attacks, accelerates website performance and meets international compliance standards. The study Chief Investigators and Founders will act as the custodians of the data. The data however belong to all collaborators. The scientific and management committees together will decide after the publication of the main report about requests from ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ members regarding secondary analyses and will consider all such requests based on quality and the validity of the proposed project and decide by majority decision. Each participating center will identify an additional Auditor (data monitor) at their institution. Auditors will be assigned to monitor the adherence to the registry protocol as well as auditing the quality of data collection of the participating centers on a regular basis. Auditors should be healthcare professionals not directly involved in LDLT. Data that has been submitted by the provider requiring rectification due to inaccuracy (held in good faith), must be corrected by the provider. Detailed information regarding the affected data must be shared from the provider with the recipient. Data will be retained for 20 years by the recipient. Once maximum data retention time has been reached, the information is deleted permanently by the recipient. In case of prolonged need of data storage, justification is sent to the provider by the recipient. Recipient agrees that upon termination of this Agreement, Recipient shall, at its expense, (a) return or destroy all Study Data received from Provider and (b) retain no copies of such Study Data for further research purposes. Recipient may retain one archival copy solely for determination of compliance with this Agreement. Recipient shall own the technical results generated as a result of the use of the Study Data pursuant to this Agreement. Recipient hereby grants to Provider a non-exclusive, sub-licensable, worldwide, perpetual, royalty-free license to the results generated from the Study Data pursuant to this Agreement for non-profit academic, educational, and research purposes. Main types of breach include inappropriate or accidental disclosure by the provider. In occurrence of such a breach, the recipient must be informed immediately. In occurrence of data loss by the recipient the provider is informed by the recipient and a review of data systems is triggered. The provider provides a point of contact for the recipient. If the point of contact changes, it is the responsibility of the provider to update the recipient of the new point of contact. The point of contact of the recipient is the study team at the Royal Free Hospital and its principal investigator are the Information Governance contact for the Royal Free Hospital. The date of the commencement of the DSA is either the date of the first patient enrolled in the registry or the date of signature of the agreement, whichever comes first. The DSA is review periodically (every 12 months) by the recipient to ensure it remains current and fit for purpose. Change in legislation or a party deciding to leave the agreement triggers a review outside the regular review period.

Controller and Processor. The Recipient will act as sole controller and processor of data in this registry. Fully anonymized data of donor and recipient pre-, peri-operative characteristics, and postoperative outcomes are collected by the provider. The provider certifies that the Study Data shall be provided in a coded de-identified fashion. Under no circumstances shall Provider provide Recipient with the name, address, social security number, or any other identifier or protected health information (collectively, “PHI”) which would permit Recipient to identify the research subjects from whom such Study Data was collected. Detailed items of collected data are subsummised subsummized in the attached Case Report Forms (CRF). There will be no surgeon, or center related data reporting, all data will be fully anonymized. All data collected, processed, and stored for the purpose of the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ project will remain confidential and comply with Good Clinical Practice for research (GCP) for research guidelines and the principles of the Revised Federal Act on Data Protection Act 1998 (UKFADP) (CH). The registry protocol is available at ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ along with patient information leaflets. All analyses and results will be published in peer reviewed journals with open access. All involved with ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ will receive PubMed cited group authorship. Social media and email communication will be used for communication and dissemination of information. Data submitted are anonymized prior to submission to the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ data entry system in compliance with Article 45 of the GDPR. Access to the data entry system will be protected by username and password during the registration process for individual local investigators. All electronic data transfer between participating centers and the coordinating centers will be encrypted using SSL/TLS protocol (HTTPS). The ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ platform is protected by additional web security software that monitors, identified and mitigates threats, prevents attacks, accelerates website performance and meets international compliance standards. The study Chief Investigators and Founders will act as the custodians of the data. The data however belong to all collaborators. The scientific and management committees together will decide after the publication of the main report about requests from ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ members regarding secondary analyses and will consider all such requests based on quality and the validity of the proposed project and decide by majority decision. Each participating center will identify an additional Auditor (data monitor) at their institution. Auditors will be assigned to monitor the adherence to the registry protocol as well as auditing the quality of data collection of the participating centers on a regular basis. Auditors should be healthcare professionals not directly involved in LDLT. Data that has been submitted by the provider requiring rectification due to inaccuracy (held in good faith), must be corrected by the provider. Detailed information regarding the affected data must be shared from the provider with the recipient. Data will be retained for 20 years by the recipient. Once maximum data retention time has been reached, the information is deleted permanently by the recipient. In case of prolonged need of data storage, justification is sent to the provider by the recipient. Recipient agrees that upon termination of this Agreement, Recipient shall, at its expense, (a) return or destroy all Study Data received from Provider and (b) retain no copies of such Study Data for further research purposes. Recipient may retain one archival copy solely for determination of compliance with this Agreement. Recipient shall own the technical results generated as a result of the use of the Study Data pursuant to this Agreement. Recipient hereby grants to Provider a non-exclusive, sub-licensable, worldwide, perpetual, royalty-free license to the results generated from the Study Data pursuant to this Agreement for non-profit academic, educational, and research purposes. Main types of breach include inappropriate or accidental disclosure by the provider. In occurrence of such a breach, the recipient must be informed immediately. In occurrence of data loss by the recipient the provider is informed by the recipient and a review of data systems is triggered. The provider provides offers a point of contact for the recipient. If the point of contact changes, it is the responsibility of the provider to update the recipient of the new point of contact. The Governance point of contact of the recipient is the study team ▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ at the Royal Free Hospital and its principal investigator are the Information Governance contact for the Royal Free Hospital. The date of the commencement of the DSA is either the date of the first patient enrolled in the registry or the date of signature of the agreementHirslanden, whichever comes first. The DSA is review periodically (every 12 months) by the recipient to ensure it remains current and fit for purpose. Change in legislation or a party deciding to leave the agreement triggers a review outside the regular review periodZurich, Switzerland.

Controller and Processor. The Recipient will act as sole controller and processor of data in this registry. Fully anonymized data of donor and recipient pre-, peri-operative characteristics, and postoperative outcomes are collected by the provider. The provider certifies that the Study Data shall be provided in a coded de-identified fashion. Under no circumstances shall Provider provide Recipient with the name, address, social security number, or any other identifier or protected health information (collectively, “PHI”) which would permit Recipient to identify the research subjects from whom such Study Data was collected. Detailed items of collected data are subsummised in the attached Case Report Forms (CRF). There will be no surgeon, or center related data reporting, all data will be fully anonymized. All data collected, processed, and stored for the purpose of the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ project will remain confidential and comply with Good Clinical Practice for research (GCP) for research guidelines and the principles of the Revised Federal Act on Data Protection Act 1998 (UKFADP) (CH). The registry protocol is available at ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ along with patient information leaflets. All analyses and results will be published in peer reviewed journals with open access. All involved with ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ will receive PubMed cited group authorship. Social media and email communication will be used for communication and dissemination of information. Data submitted are anonymized prior to submission to the ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ data entry system in compliance with Article 45 of the GDPR. Access to the data entry system will be protected by username and password during the registration process for individual local investigators. All electronic data transfer between participating centers and the coordinating centers will be encrypted using SSL/TLS protocol (HTTPS). The ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ platform is protected by additional web security software that monitors, identified and mitigates threats, prevents attacks, accelerates website performance and meets international compliance standards. The study Chief Investigators and Founders will act as the custodians of the data. The data however belong to all collaborators. The scientific and management committees together will decide after the publication of the main report about requests from ▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ members regarding secondary analyses and will consider all such requests based on quality and the validity of the proposed project and decide by majority decision. Each participating center will identify an additional Auditor (data monitor) at their institution. Auditors will be assigned to monitor the adherence to the registry protocol as well as auditing the quality of data collection of the participating centers on a regular basis. Auditors should be healthcare professionals not directly involved in LDLT. Data that has been submitted by the provider requiring rectification due to inaccuracy (held in good faith), must be corrected by the provider. Detailed information regarding the affected data must be shared from the provider with the recipient. Data will be retained for 20 years by the recipient. Once maximum data retention time has been reached, the information is deleted permanently by the recipient. In case of prolonged need of data storage, justification is sent to the provider by the recipient. Recipient agrees that upon termination of this Agreement, Recipient shall, at its expense, (a) return or destroy all Study Data received from Provider and (b) retain no copies of such Study Data for further research purposes. Recipient may retain one archival copy solely for determination of compliance with this Agreement. Recipient shall own the technical results generated as a result of the use of the Study Data pursuant to this Agreement. Recipient hereby grants to Provider a non-exclusive, sub-licensable, worldwide, perpetual, royalty-free license to the results generated from the Study Data pursuant to this Agreement for non-profit academic, educational, and research purposes. Main types of breach include inappropriate or accidental disclosure by the provider. In occurrence of such a breach, the recipient must be informed immediately. In occurrence of data loss by the recipient the provider is informed by the recipient and a review of data systems is triggered. The provider provides a point of contact for the recipient. If the point of contact changes, it is the responsibility of the provider to update the recipient of the new point of contact. The point of contact of the recipient is the study team at the Royal Free Hospital and its principal investigator are the Information Governance contact for the Royal Free Hospital. The date of the commencement of the DSA is either the date of the first patient enrolled in the registry or the date of signature of the agreement, whichever comes first. The DSA is review periodically (every 12 months) by the recipient to ensure it remains current and fit for purpose. Change in legislation or a party deciding to leave the agreement triggers a review outside the regular review period.