data use agreement (model contract) the following contract
Post on 13-Jan-2017
Embed Size (px)
Data Use Agreement (Model Contract)
The following contract governing on-site use of anonymized individual data is concluded by
Institut fr Forschungsinformation und Qualittssicherung e. V. (iFQ) [Institute for Research Information and Quality Assurance]
represented by Director Prof. Dr. Stefan Hornbostel
- hereinafter referred to as Data Provider -
Name of the scientific facility
Address of the scientific facility
Name of the representative of the scientific facility
- hereinafter referred to as Data Recipient -
Article 1 Contract Data Basis
(1) Data Provider shall provide Data Recipient with the following statistical individual data free of charge: XXXXXXX
- hereinafter referred to as the data basis - The designation "data basis" also embraces parts of the data basis and duplicates of the data basis. Even data records that result from mathematical changes of the delivered data constitute data basis in the sense of this contract. The place of performance is the registered place of business of Data Provider. (2) Data Recipient is only permitted to use and to process the data basis within the framework of the scientific project with the title: XXXXXXXXXXXXXXXXX. Passing on of the data basis to a third party is not permitted. Processing or use for other purposes, particularly in the context of reports for private clients, requires a separate agreement.
Article 2 Entitlements and Liability
(1) If Data Recipient proves that the data basis provided is significantly different to that agreed to, Data Recipient shall be entitled to subsequent improvement within a week of the first use of the data basis. Farther-reaching claims of whatever sort are excluded. (2) Data Recipient shall be liable vis--vis iFQ for all damage resulting from handling of the data basis that is not in keeping with the agreement reached and shall to this extent exempt Data Provider of all liability claims of third parties. Cases of liability shall justify termination for good cause.
Article 3 Prohibition of Deanonymization, Secrecy
(1) Data Recipient must refrain from all action that is intended to, or suitable for deanonymization of the anonymized individual data contained in the data basis. (2) Data Recipient shall not be permitted to merge the data basis with other data records. Any exceptions shall require special approval by Data Provider. Such approval can only be given if complete data-record-describing material on the other data record is made available to Data Provider. The approval shall only be given if the possibility of deanonymization due to the uniting of the data records can be excluded. (3) If anonymized individual data contained in the data basis is deanonymized, even if this is not due to a deliberate attempt to deanonymize it, Data Recipient shall keep this individual data secret with respect to all other persons, and shall notify Data Provider directly, exclusively and immediately of the deanonymization and of the associated circumstances. (4) Results in publications and presentations must be summarized such that no inference to individuals can be made. Neither the data basis nor any parts of it may be published.
Article 4 Persons with Rights of Use
(1) The data basis may only be used by persons named in this contract, persons working for Data Recipient who are entrusted with the processing of the research project indicated in article 1, subsection 2. These are the following persons:
Notification of new persons with rights of use must be given by Data Recipient; article 11 must be observed. (2) Data Recipient shall inform the persons designated in article 1 about the obligation to observe data secrecy and shall send Data Provider a declaration signed by the said persons in each case on observance of data secrecy in accordance with Appendix 1 of this contract. (3) Data Recipient is not permitted to engage the help of third parties (commissioned appointees, self-employed persons, freelance workers) for the storage, processing or use of the data basis. Violation of this regulation shall entitle Data Provider to terminate this contract without notice.
Article 5 User Database
(1) Data Recipient declares its agreement that details disclosed by it in the context of this contract may be stored and processed by Data Provider. (2) The details in keeping with subsection 1 shall be used to control the user agreements, for obligations of Data Provider to account for its actions and for publication in user lists.
Article 6 Data Security Measures
(1) Data Provider and Data Recipient shall ensure, by adopting suitable technical and organizational measures, that only the persons designated in article 4, subsection 1 have access to the data basis. (2) Data Recipient shall ensure, by means of technical and organizational measures, that no third parties shall obtain knowledge of individual data or of results that can be traced back to individual data. (3) The storage, processing and utilization of the data basis are only permissible on computers that are located in rooms of Data Provider. Data Recipient and the persons with rights of use must not process the data basis on private computers or on private storage media. (4) Data Provider shall ensure that access to the electronic data processing workplace is password-protected and that this password is regularly renewed. Data Provider shall also ensure that access to the data basis is associated with an appropriate individual authorization. And Data Provider shall furthermore guarantee that the data basis is only stored, processed and used on a data-processing system (computer) that is under its supervision. External access to the data basis shall be precluded.
(5) Data Recipient must not copy the data basis (article 1). If, in exceptional cases, such an approach is necessary for the research project, the duplicate must be handled in the same way as the original. The preparation of duplicates in exceptional cases shall require the approval of Data Provider; article 11 must be observed here. At the request of Data Provider, information on the number of duplicates made and their whereabouts must be provided. (6) Data Recipient shall grant Data Provider the right
to obtain information from it, to examine documents and data-processing programs, if this is necessary, in the
context of the agreement, for supervision of the data protection.
Article 7 Publication of Results, Indicating Sources
(1) If Data Recipient publishes results that are based on work undertaken with the data basis, it shall be obliged to inform Data Provider of this and to send Data Provider three copies of the publication, free of charge and free of remuneration, one month after publication at the latest. Data Recipient shall ensure that this is also carried out for results and publications of the persons indicated in article 4, subsection 1. (2) In its publications, in as much as these refer to the data basis, Data Recipient shall be required to name Data Provider, in appropriate form, as the source. Data Recipient shall ensure that obligation is also satisfied in the publications of the persons indicated in article 4, subsection 1. (3) Data Recipient undertakes to refer to the contract data in all publications as follows: XXX Source: iFQ. Under illustrations, etc., this source reference shall be shortened to: iFQ XXX .
Article 8 Period of Use and End of the Contract
(1) Agreement has been reached on use of the data basis until XX.XX.XXXX. On this day the permission to use expires. Any further use after the agreed last day of permissible use shall represent a violation of the right of use. (2) The period of use can be extended at the request of Data Recipient. The decision shall be made by Data Provider. Data Provider shall notify Data Recipient of this decision in writing. (3) iFQ shall be entitled to terminate the contract for good cause. Good cause shall be given particularly by breach of duty in keeping with article 10 of this contract. Data Recipient shall be entitled to terminate the contract within a month, to the respective end of the month. The right of Data Recipient to termination for good cause remains unaffected.
Article 9 Safekeeping of Data at the End of the Contract
For reasons of reproducibility and understandability, after the end of the contract iFQ will keep the data material utilized by data users and the associated work material for a period of five years and will be allowed to control possible analysis results published. Furthermore, this shall give Data Recipient the possibility to have another look at the data basis and work material after the end of the contract.
Article 10 Breach of Duty
(1) In the event of a violation by Data Recipient of the obligations in keeping with article 1, subsection 2, and articles 3, 4, 6 and 7 Data Recipient shall be obliged, at the request of Data Provider, to pay a contract penalty of up to 1000 for each individual violation. The enforcement of further damages is not thereby excluded. (2) In particularly serious cases the scientific facility can be excluded for a period of 2 years from any further data supply by Data Provider. (3) Data Provider reserves the right to make violations in keeping with article 1 public and thereby to name Data Recipient and persons with rights of use.
Article 11 Amendments of Contract, Place of Juris