...
| Iframe | ||||||
|---|---|---|---|---|---|---|
|
Patients Know Best,
of St John's Innovation Centre, Cowley Road Milton, Cambridge, CB4 0WS
...
This Agreement is dated [ 31st OCTOBER ] 2022.
1. Parties
Patients Know Best (“PKB”); and
The Providers (listed in Schedule 4), (“Providers”),
...
Unless specifically provided for in this Agreement, the following terms shall have the following meanings:
Term | Meaning |
|---|---|
“Agreed Purposes” | has the meaning given in clause 7; |
“Commencement Date” | has the meaning given in clause5.1; |
“Controller”, “Joint Controllers”, “Personal Data”, “Personal Data Breach”, “Processing” (including “Process” and “Processed”), and “Special Categories of Personal Data” | have the meaning given in the DPA 2018; |
”Commissioning Contract” | means the commercial arrangement between the Parties; |
“Data Protection Impact Assessment” | means an assessment by a Controller of the impact of the envisaged Processing on the protection of Personal Data; |
“Data Protection Law” | means, for the periods in which they are in force in the United Kingdom, the DPA 2018, the GDPR, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to Processing of Personal Data and privacy; |
“Data Subject” or “Patient” | means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person in any PKB Data; |
“Data Subject Request” | means a request from a Data Subject under Data Protection Law in respect of PKB Data; |
“DPA 2018” | means the Data Protection Act 2018; |
“GDPR” | means the General Data Protection Regulation (Regulation (EU) 2016/679); |
“ICO” | means the Information Commissioner’s Office, which is the UK’s supervisory authority, as of the date of this Agreement, based at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; |
“National Data Opt-Out” | means the opt-out mechanism operated by the NHS that allows NHS patients to opt-out of the use of their data for research or planning purposes; |
“Responsible Controller” | has the meaning given in clause11.7; |
“Third Party Communication” | has the meaning given in clause 11.5; |
“PKB data” | means all personal data held on the PKB platform, both patient Record and Patient Account. |
3.2 Rules of Interpretation
...
Each of the Parties shall perform the obligations allocated to it the table below following allocation of responsibilities in accordance with Article 26 of the GDPR:
Compliance obligation Responsible Party |
Publicise a contact point for Data Subjects to facilitate the exercise Providers of their rights in relation to the Processing under this Agreement. |
Upon request, make available to Data Subjects a summary of the Providers and arrangement between the Parties under this Agreement, such PKB summary to be in a form agreed by the Parties. |
Maintaining the PKB platform PKB |
Supplying initial dataset on Data Subject Providers |
Maintaining transparency material online to meet A13 and A14 Providers and requirements PKB |
13. USE OF PROCESSORS
13.1 Where PKB uses a Processor to Process PKB Data, PKB shall:
...
PKB Data to be Processed under this Agreement may include data from the following sources:
Providers Electronic Patient Record (structured coded data only) |
Patient Inputted Data |
Third Party Partners and Integrations (for purposes of care provision) |
1.4 Under 16’s
The inclusion of personal data of any natural person under the age of 16 should be considered on a case by case basis.
...
Signatories to Joint Controller Arrangement
[Party A]
[Party B]
[Party C]
[Party D]