COVID-19 severity correlates with airway epithelium–immune cell interactions identified by single-cell analysis

Data Transfer Agreement of Human Genomic Data for Research Purposes (Charité)

Data Transfer Agreement between Charité - Universitätsmedizin Berlin Charitéplatz 1, 10117 Berlin Germany –hereinafter: „CHARITÉ“ – [INSERT INSTITUTION DETAILS full legal name and address] –hereinafter: „RECIPIENT“ – – individually referred to as “PARTY” and/or together referred to as “PARTIES” – Preamble This Data Transfer Agreement governs the terms on which access will be granted to the genotype data generated by CHARITÉ. 1.Definitions “Data” means all and any human genetic data obtained by the RECIPIENT from CHARITÉ. “Data Subject” means a person, to whom Data refers and who has been informed of the purposefor which the Data is held and has given her/his consent thereto. “Intellectual Property” means (i) patents, designs, trade marks and trade names (whetherregistered or unregistered), copyright and related rights, database rights, know-how andconfidential information; (ii) all other intellectual property rights and similar or equivalent rightsanywhere in the world which currently exist or are recognised in the future; and (iii) applications,extensions and renewals in relation to any such rights. “Publications” mean, without limitation, articles published in print journals, electronic journals,reviews, books, posters and other written and verbal presentation of research. “Registered User” means a researcher (or an individual conducting research under the supervision of a researcher) that is employed by the RECIPIENT and is bound by confidentiality and non-use obligations in respect of Data and who has signed this Agreement and has received acknowledgement of its acceptance. For the avoidance of doubt, “Registered User” may also include students, visiting academics, contractors, sub-contractors or independent consultants provided that any such individual is bound by confidentiality and non-use obligations no less onerous then those binding the RECIPIENT’s employees. 2.Obligations of the RECIPIENT 2.1 Confidentiality The RECIPIENT agrees to preserve, at all times, the confidentiality of Data pertaining to identifiable Data Subjects. In particular, the RECIPIENT undertakes not to use, or attempt to use the Data to deliberately compromise or otherwise infringe the confidentiality of information on Data Subjects and their right to privacy. 2.2 Data Protection 2.2.1 The RECIPIENT agrees to use the Data solely for the approved purpose and project described in the RECIPIENT’s application (Annex 1); use of the Data for a new purpose or project will require a new application and approval. 2.2.2 Data shall not be used for commercial purposes (e.g. diagnostic services). 2.2.3 The RECIPIENT, and her/his Registered Users, shall comply with the obligations contained in the applicable German and EU data protection laws and regulations as amended from time to time. 2.2.4 The RECIPIENT agrees that before he gives any Registered User access to Data, he shall first show the Registered User a copy of this Agreement and shall inform the Registered User that he or she must comply with the obligations contained in this Agreement and sign up to the provisions of this Agreement in the form set out at the end of this Agreement (Annex 2). The RECIPIENT shall provide CHARITÉ with a copy of the Registered User’s acceptance form within ten days of the date of acceptance by the Registered User. 2.2.5 The RECIPIENT agrees not to transfer or disclose the Data, in whole or in part, or any identifiable material derived from the Data, to others, except Registered Users. Should the RECIPIENT wish to share the Data with a collaborator out of the same institution, the third party must make a separate application for access to the Data. 2.2.6 The RECIPIENT agrees that she/he, and her/his Registered Users, shall not analyse or make any use of the Data in such a way that has the potential to: (i)lead to the re-identification of any Data Subject; or (ii)compromise the anonymity of any Data Subject in any way. 2.2.7 CHARITÉ reserves the right to request and inspect data security and management documentation to ensure the adequacy of data protection measures in countries that have no national laws comparable to that pertaining in the European Economic Area (EEA). 2.3 Data Security 2.3.1 The RECIPIENT agrees that she/he shall take all reasonable security precautions to keep the Data safe, such precautions to be no less onerous than in the applicable German and EU data protection laws and regulations. 2.3.2 The RECIPIENT shall adhere to the principle of IT-Security as set forth in Annex 3 hereto. 3.Provisions of cooperation 3.1 Errors The RECIPIENT agrees to notify CHARITÉ of any errors detected in the Data without undue delay. 3.2 Reissue of data The RECIPIENT accepts that CHARITÉ will reissue Data from time to time, with suitable versioning. If Data is reissued at the request of the Data Subject and/or as he result of other ethical scrutiny, the RECIPIENT agrees to destroy all earlier versions of the Data without undue delay once he has received such information. 3.3 Intellectual property 3.3.1 The RECIPIENT recognises that nothing in this Agreement shall operate to transfer to the RECIPIENT any intellectual property rights in or relating to the Data. 3.3.2 The RECIPIENT does not have the right to sublicense the Data. The RECEPIENT shall inform CHARITÉ about any third party requests for the Data. 3.3.3 The RECIPIENT shall have the right to develop intellectual property based on comparison with their own data. 3.3.4 CHARITÉ has no knowledge of any conflicting property rights of third parties regarding the provided Data. If CHARITÉ learns of potential conflicting property rights of third parties, CHARITÉ shall inform the RECIPIENT; however, no liability can be assumed for this. 3.4 Publications 3.4.1 The RECIPIENT agrees to acknowledge in any RECIPIENT’s work based in whole or part on the Date, any provider publications which encompass and from which Data derive, the respective version of the Data obtained, and the role of CHARITÉ. The RECIPIENT is also entitled to release publications and, in doing so, agrees to acknowledge any of CHARITÉ’s work based in whole or part on the Data in its publication. 3.4.2 The RECIPIENT will also declare in any such work that CHARITÉ and its employees bear no responsibility for the further analysis or interpretation of the Data by the RECIPIENT. 3.5 Liability 3.5.1 The RECIPIENT accepts that CHARITÉ, the original data creators, depositors or copyright holders, or the funders of the Data or any part of the Data supplied: (i)bear no legal responsibility for the accuracy or comprehensiveness of the Data; and (ii)accept no liability for indirect, consequential, or incidental, damages or losses arisingfrom use of the Data, or from the unavailability of, or break in access to, the Data forwhatever reason, except for damages caused intentionally or by gross negligence. 3.5.2 Nothing in this Agreement limits or excludes either Party’s liability for (i) product liability claims, (ii) death or personal injury resulting from negligence or any fraud or (iii) or in case of breaches of so called “material contractual obligations (Kardinalpflichten)”. Material contractual obligations (Kardinalpflichten) are obligations which principally enable the fulfilment of the proper enforcement of the contract and on which the contractual partner can trust and is allowed to trust for compliance (iiii) for any sort of other liability which by law cannot be limited or excluded according to applicable law. 4.General provisions 4.1 Termination of Agreement 4.1.1 This Agreement shall expire automatically three years after its signature by both PARTIES. 4.1.2 This Agreement will terminate immediately upon any breach of the provisions of this Agreement by the RECIPIENT. 4.1.3 The RECIPIENT accepts that the changing ethical framework of human genetic research may lead to: (i)alteration to the provisions of this Agreement, in which case the RECIPIENT may accept such alterations or terminate this Agreement; or (ii) the withdrawal of this Agreement in extreme circumstances.4.1.4 The notification of either PARTY to terminate this Agreement shall be made in writing with 4 weeks’ notice. 4.1.5 In the event that this Agreement is expired or terminated in accordance with this Clause 4.1 the RECIPIENT shall destroy all Data at the direction of CHARITÉ. This shall not apply to the extent that Data is saved in automatic back-up systems for which destruction shall follow the regular process of such back-up system, however, such Data shall be eliminated within a period of 90 days after the date of termination. Upon request of CHARITÉ, the RECIPIENT will certify the destruction of the Data. 4.2 Applicable Law 4.2.1 This Agreement shall be governed, construed and interpreted in accordance with the substantive laws of Germany. This Agreement shall be in the English language and the English version of this Agreement shall be deemed the official and governing instrument, notwithstanding any translations thereof. 4.2.2 The PARTIES agree to submit to the exclusive jurisdiction of the courts of Berlin, Germany, as regards any disputes, claims or matter arising under this Agreement. Annexes Annex 1 Application for Access to Genotype Data Annex 2 Declaration of commitment Annex 3 Data Security SIGNATURES for CHARITÉ ______________________ ______________________ Place, date, Anne Großkopff, Business Director Faculty for RECIPIENT ______________________ _____________________ Place, date, [Name ... ] Annex 1 Application for Access to Genotype Data Name of RECIPIENT and registered USERS, including affiliations and contact details. Enter the primary email correspondence email address you would like to use: [...] Please ensure that a full postal and email address is included for the RECIPIENT and each registered USER. [...] Title of Project (in less than 30 words) [...] Data Request [...] Research Question Please provide a clear description of the project and its specific aims in no more than 750 words. This should include specific details of what you plan to do with the data and include key references. [...] Feasibiliy Please describe fully your experience and expertise, and that of your collaborators, and how this will be applied to the proposed study. [...] Please send completed forms to: Charité - Universitätsmedizin Berlin BIH Digital Health Center Prof. Dr. Roland Eils Kapelle-Ufer 2 10117 Berlin Germany Email: roland.eils@charite.de Annex 2 Declaration of Commitment Please send signed form to: Charité - Universitätsmedizin Berlin BIH Digital Health Center Prof. Dr. Roland Eils Kapelle-Ufer 2 10117 Berlin Germany Email: roland.eils@charite.de I, __________________________________, declare that I will comply with the requirements of the Data Transfer Agreement as agreed upon between CHARITÉ and the RECIPIENT, including but not limited to the requirements of the applicable data protection regulations. With my signature I confirm the receipt of a copy of this agreement. ______________________ ______________________ [Place, date, name] Annex 3 Principle of IT-Security An appropriate level of data protection shall be ensured through appropriate technical and organisational measures: Guarantee of confidentiality Admission control No unauthorised access to data processing equipment, e.g: magnetic or chip cards, keys, electric door openers, plant security or gatekeepers, alarm systems, video systems Access control No unauthorized system use, e.g: (secure) passwords, automatic locking mechanisms, two-factor authentication, encryption of data carriers No unauthorized reading, copying, modification or removal within the system, e.g: authorization concepts and need-based access rights, logging of accesses Guarantee of integrity Transmission control No unauthorized reading, copying, modification or removal during electronic transmission or transport, e.g: encryption, Virtual Private Networks (VPN), electronic signature Input control Determination whether and by whom personal data have been entered, modified or removed from data processing systems, e.g: logging, document management Guarantee of the availability and resilience of the system Availability control Protection against accidental or deliberate destruction or loss, e.g: Backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection, firewall, reporting channels and emergency plans Rapid recoverability Procedures for regular review, assessment and evaluation Data protection management Incident response management Privacy friendly default settings The implementation shall take into account the state of the art, implementation costs and the nature, scale and purposes of the processing, as well as the varying degrees of probability and seriousness of the risk to the rights and freedoms of natural persons. The technical and organisational measures are subject to technical progress and further development.