Front Sheet Clause Samples

Front Sheet. The Controller(s) identified below wish to engage the party whose details are set out below (the Processor) to carry out the processing activities described in this Front Sheet, and the Processor wishes to carry out those activities. Both Parties acknowledge and agree that they have specific obligations under the Data Protection Legislation with respect to Personal Data. This Agreement sets out the nature, purpose and duration of the processing activities that will take place and also specifies the types of personal data to be processed and the categories of individuals the data belongs to. It defines the rights and obligations the Controller and Processor will have and contains the mandatory clauses required by Article 28(3) of the UK GDPR. This Front Sheet and the Terms and Conditions at part 2 (together, this Agreement) record the obligations of the Parties in respect of these processing activities. Where there is a conflict between the provisions of this Front Sheet and the Terms and Conditions, then the provisions of this Front Sheet shall prevail. Date of Agreement: [DD] day of [insert month] 202[X] Subject matter of the processing: [This should be a high level, short description of what the processing is about i.e. its subject matter of the contract. Example: The processing is needed in order to ensure that the Processor can effectively deliver the contract to provide [insert description of relevant service].] Nature of the processing: [The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc.] Purpose of the processing [Please be as specific as possible, but make sure that you cover all intended purposes. The purpose might include: employment processing, statutory obligation, recruitment assessment etc] Duration of the processing: [Clearly set out the duration of the processing including dates] Categories of Data Subject [Examples include: Patients, service users, Staff (including volunteers, agents, and temporary workers), customers/ clients, suppliers, patients, students / pupils, members of the public, users of a particular website etc] Personal Data Processed as part of this Agreement: [Examples here include: name, address, date of birth, NI number, te...

Front Sheet. Parties See Signatories in Appendix B Agreement Administrators [To be completed] Purpose [To be completed - please be as specific as possible, but make sure that you cover all intended purposes of sharing the Personal Data (e.g. details of the project/programme/services which requires sharing of personal data] Authorised Users [To be completed] Commencement Date [DD] day of [insert month] 202[X] Duration of the Processing [To be completed - clearly set out the duration of the joint controller arrangements, including dates] Categories of Personal Data [To be completed - Examples include: Patients, service users, Staff (including volunteers, agents, and temporary workers), customers/ clients, suppliers, patients, students / pupils, members of the public, users of a particular website etc] Legal Bases for Processing See Appendix B Agreed Sharing Mechanisms [To be completed – provide details as to how data will be shared] Security [To be completed – details of the security measures that the parties are to have in place] Confidentiality Compliance [To be completed] Review data / frequency [To be completed] Governance See Appendix C. Introduction This Joint Controller Agreement (JCA) is supplementary to the Wales Accord on the Sharing of Personal Information (WASPI) and has been agreed following consultation between the participating partner organisations. This JCA is intended to help practitioners understand what decisions have been made about the processing of Shared Personal Data between the listed partners for the stated purpose(s). It also provides assurance that the partners have considered the requirements of data protection legislation as joint controllers and that each have identified their roles and responsibilities for processing Shared Personal Data jointly. The JCA sets out these requirements under Article 26 of the UK General Data Protection Regulation (UK GDPR). It is intended that this agreement is to be read alongside the Data Protection Impact Assessment (DPIA) prepared by the parties. It sets out the framework for the for the sharing and processing of Shared Personal Data for the Purpose.). The JCA defines the principles and procedures that the Data Controller Parties will adhere to and the responsibilities of each party as joint controllers in relation to the sharing and use of Shared Personal Data in the delivery of the Purpose. All Partners have entered this JCA to demonstrate that data protection and privacy requirements have been consider...

Front Sheet. Parties See Signatories in Appendix B B. Agreement Administrators CAVUHB – Information Governance Manager

Front Sheet. Agency Terms; and

Front Sheet. 2 3 Purpose 6 4 The Joint Controller Partner Organisations and Responsibilities 6 5 Commencement and Duration 7 6 Specific Organisational / Partner Obligations 7 7 Data breaches, complaints and investigations 8

Front Sheet the front sheet of this Agreement;

Front Sheet. A. The Controller(s) identified below wish to engage the party whose details are set out below (the Processor) to carry out the processing activities described in this Front Sheet, and the Processor wishes to carry out those activities. B. Both Parties acknowledge and agree that they have specific obligations under the Data Protection Legislation with respect to Personal Data. C. This Agreement sets out the nature, purpose and duration of the processing activities that will take place and also specifies the types of personal data to be processed and the categories of individuals the data belongs to. It defines the rights and obligations the Controller and Processor will have and contains the mandatory clauses required by Article 28(3) of the UK GDPR. D. This Front Sheet and the Terms and Conditions at part 2 (together, this Agreement) record the obligations of the Parties in respect of these processing activities. E. Where there is a conflict between the provisions of this Front Sheet and the Terms and Conditions, then the provisions of this Front Sheet shall prevail. I. Date of Agreement: 23 day of December 2024 II. Controller(s) Name Cardiff and Vale University Health Board and GP practices working within Clusters and delivering care to patients within Cardiff and the Vale of Glamorgan. Registered address Cardiff and Vale University Health Board: University Hospital of Wales Heath Park Cardiff CF14 4XW Company number N/A ICO registration number Z1870171 Point of Contact: ▇▇▇.▇▇▇@▇▇▇▇▇.▇▇▇.▇▇ III. Processor: Name Black Pear Software Ltd Registered address ▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇ ▇▇ Company number 07030656 ICO registration number ZA215442 Point of Contact: ▇▇▇▇▇ ▇▇▇ ▇▇▇ IV. Subject matter of the processing: Data is processed to enable the Controllers to share a view of the GP clinical record for the purposes of direct care and treatment and subsequently record clinic outcome data gathered by clinic providers, and to securely convey that data by a write back functionality into the clinical record to the GP Practice that has referred patients to the cluster clinic. V. Nature of the processing: Data is gathered by clinicians about patients attending centralised cluster clinics within the GP / Cluster practice. This data is gathered in a web app created by CAVUHB (Controller).which will allow view of the GP clinical record. The data is passed securely by the web app to the Black Pear solution. The Black Pear solution will then securely send the informat...