Versions Compared

Old Version 2

changes.mady.by.user Andrew Syme

Saved on

compared with

New Version Current

changes.mady.by.user Andrew Syme

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Excerpt

Where Informatica do not have a direct contract, containing appropriate provisions, with the Data Controller, the Data Processing Deed provides the legal basis for processing the data.

Info

A data processing agreement lays out technical requirements for the controller and processor to follow when processing data. This includes setting terms for how data is stored, protected, processed, accessed, and used. The agreement also defines what a processor can and cannot do with data.

Sample Deed

Table of Contents

Context

THIS DEED OF UNDERTAKING FOR DATA PROCESSING ("DEED")

...

(2)        GP Practices and other service recipients who, from time to time, receive, or have previously received, Solutions under the Skyline Product and/or services from the Supplier and/or provide, or have previously provided, data for the purposes of data extraction services through the Contract ("Beneficiaries").

BACKGROUND

A          The Supplier provides systems and Services to the GPs and other service recipients through contract vehicle (“Contract”) established by  ### ##  ("Customer");

...

G         This Deed shall survive the expiry or termination of the Contract.

OPERATIVE PROVISIONS

1         Definitions

1.1        Capitalised terms in this Deed shall have the following meaning:

...

1.3.13   Informatica Systems Ltd Personnel means all directors, officers, employees, agents, consultants, and contractors of Informatica Systems Ltd and/or of any Sub-Contractor engaged in the performance of Informatica Systems Ltd’s obligations under this Deed.

2         Context

2.1        In this Deed, unless the context otherwise requires:

...

2.2        A reference in a clause to Beneficiaries shall mean the Beneficiaries who are relevant to the applicable rights and/or obligations set out in the clause.

3         Obligations

3.1        Each Party shall comply with its respective obligations under the provisions of the DPA.

...

3.17    Acceptance of this Deed indicates the Beneficiaries’ written consent to authorise Informatica Systems Ltd to process the Personal Data as the Customer has determined in Annex A and by the Sub-processors listed in Annex B.

4         Status

4.1        This Deed shall survive the expiry or termination of the Contract.

...

Signature of Witness

 

 

Name of Witness

 

 

Address of Witness

 

 

Occupation of Witness

 

 

ANNEX A - PROCESSING, PERSONAL DATA AND DATA SUBJECTS

 

Subject matter of the processing

Processing of patient data to aid the Beneficiary in delivering of direct patient care following both national and local standards.

Duration of the processing

Processing continues through the period agreed in the Contract with the Customer.

 

Nature and purposes of the processing

  1. Nature of processing:

a.     Import and synchronisation of patient data with the principal clinical system (e.g. EMIS Web);

b.     Analysis of patient data against national and local standards;

c.      Display of patient registers according to national and local standards;

d.     Prompts to clinicians of national and local standards indicators relating to individual patients;

e.     Collection of clinical data related to national and local standards for export to the principal clinical system;

f.       Reports related to analysed data to aid the Beneficiary in its management of the national and local standards;

g.     Communications (e.g. SMS message) to patients related to the national and local standards and initiated by the Practice.

h.     Processing of patient data for aggregated reporting to the Customer.

  1. The purpose of the processing is to:

a.     provide facilities to the Beneficiary to manage its treatment of patients to meet national and local standards

b.     provide associated reporting to the Customer.

Type of personal data

  1. Clinician record:

a.     Name

b.     Gender

c.      Role

  1. Patient record:

a.     Name

b.     Gender

c.      Email

d.     Phone

e.     Address

f.       NHS number

g.     Date of birth

h.     Preferred GP

i.       Patient medical record

Categories of Data Subject

Patients and Clinicians

Plan for return and destruction of the data once the processing is complete1

The Beneficiaries’ data will be held for 1 year beyond the date of contract termination. At this point their data will be deleted from the database it’s held in.

 

  1. UNLESS requirement under Law to preserve that type of data.

ANNEX B - SUB-PROCESSORS

Sub-Processor

Activity

AWS

Provides hosting and processing functionality for Skyline product