« Statement of Work » means an agreement between the Company and a Client that defines the conditions under which the Company provides services, including the creation and delivery of the Processed Customer Data. This Data Processing Agreement governs the rights and obligations of the Processor to ensure that any processing of personal data is carried out in accordance with applicable data protection laws. CMADE/NDAs are reviewed by several offices at the University of Pittsburgh. The content and purpose of these agreements determine which central office verifies the language and signs it on behalf of the University: the controller acknowledges and agrees that all personal data that the controller uploads as part of the service, such as .B. Uploaded personal data of the Controller`s own customers may be transferred to a third party (sub-processor) based in the European Economic Area (EEA), which will provide hosting of the Service. including the provision of all hardware, infrastructure, data storage and communication lines. The obligations of the third party with respect to personal data are set out in a separate data processing agreement between the processor and the third party under this data processing agreement. All data on the Service is stored on servers in Europe. In the space of strong intellectual property rights that protect data and databases in the United States, data-sharing agreements work best when they are an integral part of a broader agreement between research partners. An individual data-sharing agreement is not intended to replace the broader agreement between partners, but to complement and support a particular aspect of the broader agreement. For an in-depth look at the role of a data sharing agreement within a large enterprise between research partners, see Data Sharing: Creating Agreements, Paige Backlund Jarquín MPH, Colorado Clinical and Translational Sciences Institute & Rocky Mountain Prevention Research Center. Upon termination of this data processing agreement, the personal data will be returned in order to facilitate the further use of the personal data/ data by the controller if the controller so requests.
The processor must first return all personal and other data and then delete it. The processor (and its subcontractors) must immediately cease the processing of personal data from the date set by the controller. The Processor will immediately notify the Controller of any breach of this Data Processing Agreement or any accidental, unlawful or unauthorized access, use or disclosure of the Personal Data or any breach of the integrity of the Personal Data, or the fact that the Personal Data may have been compromised. The Processor must provide the Controller with all information necessary for the Controller to comply with applicable data protection laws and for the Controller to respond to all requests from the competent data protection authorities. It is the responsibility of the controller to inform the competent data protection authority of any discrepancies in accordance with applicable law. The processing of personal data (as defined below) is subject to requirements and obligations under applicable law. If the Controller is a legal entity established in the European Economic Area (the « EEA »), the relevant data protection laws include local data protection laws and this EU Regulation 2016/679 of 27 April 2016. . .