...
...
3.1 Unless specifically provided for in this Agreement, the following terms shall have the following meanings:
“Agreed Purposes” | has the meaning given in clause 7; |
“Commencement Date” | has the meaning given in clause 5.1; |
“Controller”, , “Personal Data”, “Personal Data Breach”, “Processing” (including “Process” and “Processed”), and “Special Categories of Personal Data” | has the meaning given in the DPA 2018; |
“Commissioning Contract” | means the commercial arrangement between the Parties; |
“Data Protection Law” | means, for the periods in which they are in force in the United Kingdom, the DPA 2018, the GDPR, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to Processing of Personal Data and privacy; |
“Data-Subject”, “Patient” | means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person in any PKB Data; |
“Data Subject Access Request” | means a request from a Data Subject under Data Protection Law in respect of PKB Data; |
“DPA 2018” | means the Data Protection Act 2018; |
“GDPR” | means the General Data Protection Regulation (Regulation (EU) 2016/679) and UK General Data Protection Regulation; |
“PKB Data” | means all personal data held on the PKB platform, both Patient Record and Patient Account; |
“Services”, “Platform”, “Solution” | means the PKB software and architecture, infrastructure and operations. |
“Third-Party Communication” | has the meaning given in clause 11.3. |
“UK GDPR” | means the GDPR as implemented into UK law by the DPA 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419). |
3.2 The following rules of interpretation apply to this Agreement:
...
29.3.1 PKB Data to be Processed under this Agreement may include data from the following sources:
Organisations Electronic Patient Record |
Patient Inputted Data |
Third Party Partners and Integrations (for purposes of care provision) |
29.4 The inclusion of personal data of any natural person under the age of 13 should be considered on a case-by-case basis.
...
PKB will only act under the following instruction of the Organisation for this processing operation:
Description | Details |
Identity of Controller for each Category of Personal Data | Organisation is the Controller for all Personal Data categories. |
Duration of the Processing | Duration of the Data Processing Contract |
Nature and purposes of the Processing | PKB provides a software solution to allow Organisations to share patients’ records between themselves. PKB are considered a Processor for Organisation inputted data within the Patient Record. For this personal data, PKB will only process this personal data in order to provide the service of the PKB platform. |
Type of Personal Data |
|
Categories of Data Subject | Controller’s patients; Controller’s staff using PKB platform |
Plan for return and destruction of the data once the Processing is complete UNLESS requirement under Union or Member State law to preserve that type of data | At the end of the Agreement, all personal data will be destroyed or returned to the Controller, at the choice of the Controller |
Transfers of data outside the UK | There will be no transfers of personal data outside the UK |
31. SCHEDULE 3: SECURITY CONTROLS
...