EGAD00010000708

KAROLINSKA INSTITUTET DATA ACCESS AGREEMENT

KAROLINSKA INSTITUTET DATA ACCESS AGREEMENTThis agreement governs the terms on which access will be granted to genetic data generated by Karolinska Institutet (“KI”).In signing this agreement, You are agreeing to be bound by the terms and conditions of access set out in this agreement.For the sake of clarity, the terms of access set out in this agreement apply both to the User and the User’s Institution (as defined below). User Institution and User are referred to within the agreement as “You” and “Your” shall be construed accordingly.Definitions:Data means all and any human genetic data obtained from KI, as detailed in Attachment 1.Data Subject means a person, who has been informed of the purpose for which the Data is held and has given his/her informed consent thereto.User means a researcher whose User Institution has previously completed this Data AccessAgreement and has received acknowledgement of its acceptance.User Institution means the organisation at which the User is employed, affiliated or enrolled.Terms and Conditions:In signing this Agreement:1.You agree to use the Data only for the advancement of medical research, according to the consent obtained from sample donors.2.You agree not to use Data or any part thereof for the creation of products for sale or for any commercial purpose.3.You agree to preserve, at all times, the confidentiality of information and Data pertaining to Data Subjects. In particular, You undertake not to use, or attempt to use the Data to compromise or otherwise infringe the confidentiality of information on Data Subjects and their right to privacy.4.You agree not to attempt to link the data provided under this agreement to other information or archive data available for the data sets provided, even if access to that data has been formally granted to you, or it is freely available without restriction, without specific permission being sought from the relevant access committees.5.You agree not to transfer or disclose the Data, in whole or part, or any identifiable material derived from the Data, to others, except as necessary for data/safety monitoring. Should You wish to share the Data with a collaborator outside the same Institution, the third party must make a separate application to KI for access to the Data. 6.Any information included in the Data shall be securely safeguarded, encrypted and appropriately protected from unauthorized access, use and theft. Recipient will, as a minimum, observe the requirements on IT security set forth in Attachment 2. If Recipient becomes aware of any unauthorized access to or use or disclosure of information included in the Data, Recipient will notify KI immediately. KI has collected personal data from human subjects and is the controller of the data. Any information in the Data transferred to Recipient shall be coded and the link between such codes and the individual subjects shall be retained by KI. On request of a study subject, KI is obliged to provide information about the register data or to correct, block, restrict or erase data regarding that study subject. Recipient undertakes to take the same measures in respect of information included in the Data transferred to Recipient, as instructed by KI. Recipient further agrees not to use the information included in the Data to identify the subjects nor to contact them under any circumstances.7.You agree to use the data only for the approved purpose and project described in your application; use of the data for a new purpose or project will require a new application and approval.8.You accept that Data might be reissued from time to time, with suitable versioning. If the reissue is at the request of sample donors and/or other ethical scrutiny, You will destroy earlier versions of the Data.9.You agree to acknowledge in any work based in whole or part on the Data, the published paper from which the Data derives, the version of the data, and the relevant primary collectors and their funders (as applicable). Nothing in this agreement shall be construed as conferring rights to use in advertising, publicity or otherwise the name, trademark or logotypes of Karolinska Institutet without prior written approval.10. You accept that KI, the original data creators, depositors or copyright holders, or the funders of the Data or any part of the Data supplied:a) bear no legal responsibility for the accuracy or comprehensiveness of the Data; andb) accept no liability for any damages, including direct or indirect, consequential, or incidental, damages or losses arising from use of the Data, or from the unavailability of, or break in access to, the Data for whatever reason. User and/or User Institution shall indemnify and hold harmless KI and any of its employees from and against any loss, claim, damage or liability incurred by KI as a result of any acts or omissions by User in connection with use of the Data under this agreement.11. You understand and acknowledge that the Data is protected by copyright and other intellectual property rights, and that no duplication, except as expressly stated in your application to carry out Your research with the Data is permitted. No sale of all or part of the Data is permitted.12. You recognize that nothing in this agreement shall operate to transfer to the User Institution any intellectual property rights relating to the Data. 13. You accept that it may be necessary for KI or its appointed agent to alter the terms of this agreement from time to time in order to address new concerns or legislation. In this event, KI or its appointed agent will contact You to inform You of any changes and You agree that Your continued use of the Data shall be conditioned on the parties entering into a new agreement reflecting such concerns or legislation. 14. You agree that you will submit a report to KI, if requested, on completion of the agreed purpose. To the extent permitted by law, KI agrees to treat the report and all information, data, results, and conclusions contained within such report with due care and as confidential information .15. You accept that the Data is protected by and subject to international laws, including but not limited to the Swedish Personal Data Act (1998:204) based on Directive 95/46/EC which aims to prevent the violation of personal integrity in the processing of personal data. You are responsible for ensuring compliance with any such applicable law. KI reserves the right to request and inspect data security and management documentation to ensure the adequacy of data protection measures in countries that have no national laws comparable to the Swedish Personal Data Act. 16. This Agreement shall enter into force on the date of the last signature by the Parties and remain in force for one (1) year or until the purpose as described in the request for access to Data has been completed, whichever occurs first. This Agreement may be terminated by either Party for any reason by giving the other Party thirty (30) days written notice. This agreement will terminate immediately upon any breach of this agreement and You are required to destroy any Data held upon termination or expiry.17. This agreement shall be construed, interpreted and governed by the laws of Sweden and shall be subject to the jurisdiction of the Swedish courts.______________For and on behalf of User:Name ofApplicant(s): Signature ofApplicant(s): Date:For and on behalf of User Institution:Signature of Institutional or AdministrativeAuthority: Print name: User Institution: Date:WHEN SUBMITTING THIS DOCUMENT, PLEASE INCLUDE ALL PAGES OF THE AGREEMENT WITH THIS SIGNATURE PAGEFor and on behalf of Karolinska InstitutetName: Print name: Title: Head of Department Date:ATTACHMENT 1Human genetic data refer to DNA sequence data, epigenetic, transcriptional, and protein data.  ATTACHMENT 2IT SECURITY REGULATIONAccess protection:When computer equipment and removable storage media are not under supervision, the equipment and the media are to be locked away to protect them from unauthorised use, tampering and theft. Otherwise, all personal data must be encrypted. Personal data on laptop computers and their removable storage media must always be encrypted. Back-ups:Personal data must be regularly backed up. These copies are to be kept separate and well protected so that the information can be recovered after a crash.Authorisation:If the computer is used by more than one person, access to personal data must be controlled with a technical authorisation system. Authorisation is to be confined to the person(s) who need the information in their work. Usernames and passwords are personal and non-transferrable. Procedures must be in place for the granting of authorisation. Log:If the computer is used by more than one person, an automatic log or similar must be installed to make it possible to monitor who has had access to personal data at a future date. This log is to list the user, the date and time of access, and the names of the person(s) whose data was retrieved. This information is to be checked as necessary. Data communication:External data communication links are to be protected with a callback or other technical function for checking authorisation. Personal data transferred via data link to a computer located outside the jurisdiction of the organisation must be encrypted. Destruction:When stationary or removable storage media containing personal data are no longer to be used for their intended purpose, all storage media must be destroyed. Alternatively, the personal data must be erased in a way that is impossible to retrieve. Repair and service:When computer equipment is repaired or serviced by a third party, a security agreement must be signed with the service company in question. When computer equipment is being serviced, all storage media containing personal data must be removed; if this is not possible, the service must be carried out under the supervision of the organisation. Service via data link may only proceed after the person performing it has been securely identified. Service personnel are to be given access to the system for the duration of the service only. If a separate communication channel is in place for service, it must be kept closed when service is not being carried out.