Whole Genome Sequencing of Liver Cancers

• PS DUO:0000027 (version: 2021-02-23)project specific restrictionThis data use modifier indicates that use is limited to use within an approved project.

FunGeST - Functional Genomics from cancer research to personalized medicine

DATA ACCESS AGREEMENT These terms and conditions govern access to the managed access datasets to which the Data Recipient has requested access. The Data Recipient agrees to be bound by these terms and conditions. Definitions GDPR: This DAA ensures that both parties comply with the Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the General Data Protection Regulation (herein referred to as the ‘GDPR’). Data: Refers to managed controlled access datasets (the Data). Under this Agreement, the Data is pseudonymised. Data Access/Transfer: Refers to an Institution’s right to request access to the Data and retrieve it from the Data Controller’s Institution upon approval of this DAA by the corresponding Data Access Committee (DAC) within the Data Controller’s Institution. Data Handling: Refers to an Institution’s ability to analyse and manipulate the Data within its own computer network. Data Controller(s): The Institution responsible for data generation and pseudonymization. Data Subject: Refers to any individual who is the source of any Data covered by this Agreement. Data Recipient (‘You’): The Institution that requests access to the Data through this Agreement. Authorized Personnel: The individual(s) at the Institution requesting Access to the Data. Research Project: The Project for which You have requested Access to the Data. Publications: Refers, without limitation, to any and all articles published in print journals, electronic journals, reviews, books, posters, and other written and verbal presentations of Research that have been accepted by peer review. FunGeST: This Data Access Agreement (DAA) has been developed for the FunGeST functional genomics projects, with the Centre de Recherche des Cordeliers (CRC) in Paris, France serving as the Data Controller. Terms and Conditions 1. Data Usage: The Data Recipient agrees to use the Data only for the specified Research Project and for research purposes only, not for any profit-making activities. 2. Confidentiality and Data Protection: The Data Recipient commits to maintaining the confidentiality of all information and Data related to Data Subjects, and will neither use nor attempt to use the Data in a way that compromises or violates the confidentiality and privacy of Data Subjects. 3. Data Subject Identification: The Data Recipient will not attempt to identify Data Subjects. 4. Data Linking: The Data Recipient will not link or combine the Data with other information that could re-identify the Data Subjects, even if such information is formally accessible or freely available. 5. Usage Restrictions: The Data Recipient agrees to consider any usage restrictions stemming from consent, applicable laws, or internal policies of their institution. 6. IT Security Measures The Data Recipient agrees to follow an up-to-date IT policy that includes: (a) Logging and auditing access to the Data and the computer network. (b) Password protection and/or strong data encryption. (c) Virus and malware protection. (d) Secure backup procedures. (e) Access control. (f) Incident response. 7. Project Duration: The Data Recipient aknowledges that access to the Data is granted for the duration of the specified Research Project. Any use of the Data for a different project requires prior approval through a new agreement. 8. Intellectual Property: The Data Recipient acknowledges that this agreement does not transfer any intellectual property rights to the Data. The Data Recipient will not assert intellectual property claims over the Data or use intellectual property protections to restrict access or use of any portion of the Data. However, the Data Recipient may conduct additional research that enhances the value of the Data and may obtain intellectual property rights over resulting discoveries, provided that licensing policies align with OECD guidelines and do not impede further research. 9. Legal Responsibility: The Data Recipient acknowledges that the Data Controller bears no legal responsibility for the accuracy or completeness of the Data, and the Data Recipient accepts no liability for any indirect, consequential, or incidental damages or losses arising from the use of the Data. 10. Liability: The Data Recipient agrees to hold harmless the Data Subjects and Data Controllers against any and all liabilities, demands, damages, expenses, and losses arising from the use of the Data. This includes, but is not limited to, any legal claims or financial losses resulting from misuse, breach of confidentiality, or failure to comply with the terms and conditions set forth in this agreement. The Data Recipient acknowledges full responsibility for ensuring the security and proper use of the Data. 11. Publication and Acknowledgement: The Data Recipient agrees that any publications, presentations, or disclosures based on the Data must appropriately cite the Data source. All papers and outputs must include a citation according to the guidelines provided with respective EGAD dataset ID. A list of required citations and acknowledgements will be provided along with the dataset and must be adhered to in all relevant research outputs. (see Section III). 12. Personnel Compliance and Data Confidentiality: The Data Recipient agrees to restrict the use of the Data to their Institution, ensuring that all Authorized Personnel are fully informed of and comply with the terms of this agreement. The Data Recipient will not disclose any information contained in the Data to third parties unless specifically authorized by the Research Project or with written consent from the Data Controllers. The Data Recipient will not transfer the Data outside their Institution without prior written approval from the Data Controllers. If the Data is to be shared with an external collaborator, the collaborator must first enter into a separate Data Access Agreement to obtain access. 13. Security Breach: In case of a security breach resulting from accidental use of Data leading to disclosure, the Data Recipient must report it to the Data Controllers within 72 hours and follow GDPR rules. In case of a non-accidental breach, the Data Recipient must destroy any held Data. 14. Termination: The Data Recipient acknowledges that this agreement will be terminated immediately in the event of any breach by the recipient or upon the termination of the agreement. 15. Dispute Resolution Process: The Data Recipient will make every effort to resolve disputes amicably with the Data Controllers. If a resolution is not reached within 60 days, the matter will be submitted to arbitration, conducted in English unless otherwise agreed, with the arbitration decision being final and binding. 16. Governing Law and Jurisdiction: The Data Recipient agrees that this agreement, along with any related disputes, will be governed by French law and fall under the exclusive jurisdiction of French courts.