NON-DISCLOSURE AGREEMENT (NDA)

 

Pharmacy Data Sharing & Renomination Services

 This Non-Disclosure Agreement (“Agreement”) is entered into between:

 

(1) The Pharmacy

(“Disclosing Party” / “Data Controller”)

 

and

 

(2) DHM Digital Limited, trading as Renominate

Company Number: 16953956

Registered Address:

Moorgate Crofts Business Centre,

South Grove, Rotherham, S60 2DH

(“Receiving Party” / “Data Processor”)

 

Together referred to as the “Parties”.

 

  1. Purpose of This Agreement

 

The purpose of this Agreement is to enable the secure, lawful, and confidential sharing of limited patient information by the Pharmacy with Renominate solely for the purpose of delivering a patient renomination and engagement service.

 This Agreement governs how data is shared, used, protected, accessed, reported on, and deleted.

 Scope of Confidential Information

 For the purposes of this Agreement, “Confidential Information” includes:

 2.1 Pharmacy Confidential Information

 Business data

 Operational information

 Commercial terms

 Reports, analytics, or performance data

 Internal processes disclosed during service delivery

 2.2 Patient Data (Strictly Limited)

 The Pharmacy may provide only the minimum data required for the renomination service, specifically:

 Patient full name

 Patient postal address

 Patient telephone number

 Date the EPS nomination was moved away

 No clinical data, medical history, prescription details, NHS numbers, or diagnostic information are required or permitted.

 Permitted Use of Patient Data

 Renominate agrees that patient data may only be used for:

 Creating a controlled, secure working dataset (e.g. spreadsheet)

 Contacting patients for the sole purpose of nomination / renomination support

 Recording outcomes of patient contact

 Providing outcome reporting back to the Pharmacy

 Patient data must not be used for:

 Marketing unrelated services

 Profiling

 Analytics beyond the agreed service

 Sale or disclosure to any third party

 Any purpose outside the written instruction of the Pharmacy

 Data Protection & GDPR Compliance

 4.1 The Pharmacy remains the Data Controller at all times.

4.2 Renominate acts solely as a Data Processor.

4.3 All processing is conducted in accordance with:

 UK GDPR

 Data Protection Act 2018

 ICO guidance

 NHS data protection principles (where applicable)

 Renominate will process data only on documented instruction from the Pharmacy.

 Data Security Measures

 Renominate confirms that all patient data will be protected using healthcare-grade security controls, including:

 Encrypted file storage and transfer

 Restricted, role-based access

 No shared or public storage systems

 Secure password management

Access logging and monitoring

 No local storage on personal devices

 Patient data will never be uploaded to unsecured platforms or shared folders.

 Data Access & Reporting Process

 6.1 Patient data will be held in a secure spreadsheet or dataset.

6.2 Each patient record will be updated with an outcome status following contact.

6.3 Upon completion of the campaign:

 Secure access will be provided to the Pharmacy

 The Pharmacy may review and accept the outcomes

 No further processing will take place without written approval

 Data Deletion & Confirmation

 7.1 Once the Pharmacy confirms acceptance of the outcomes:

 All patient data will be permanently deleted from Renominate systems

 Any backups containing the data will be removed in line with secure deletion procedures

 7.2 Written confirmation of deletion will be provided by email.

 No patient data will be retained beyond the operational need.

 Confidentiality Obligations

 Each Party agrees to:

 Keep Confidential Information strictly confidential

 Restrict access to authorised personnel only

 Use Confidential Information solely for the agreed purpose

 Not disclose Confidential Information to any third party without written consent

 These obligations survive termination of this Agreement.

 Sub-Processors

 Renominate may use GDPR-compliant infrastructure providers (e.g. hosting, secure messaging services) strictly as sub-processors.

 All sub-processors:

 Operate under written contracts

 Are prohibited from using data for any independent purpose

 Are restricted to minimum access required

 A list of sub-processors is available on request.

 Data Breach Notification

 In the unlikely event of a data breach:

 Renominate will notify the Pharmacy without undue delay

 Full details will be provided, including mitigation steps

 Renominate will cooperate fully with any regulatory requirements

 Term & Termination

 This Agreement becomes effective on the date of signature and remains in force:

 For the duration of the service, and

 Indefinitely in respect of confidentiality obligations

 Either Party may terminate with written notice.

 Termination does not affect data protection or confidentiality obligations.

 Limitation of Liability

 Renominate shall not be liable for:

 Errors resulting from inaccurate data supplied by the Pharmacy

 Regulatory action caused by misuse of data by the Pharmacy

 Events beyond reasonable control

 Nothing in this Agreement limits liability for data breaches caused by Renominate’s negligence.

 Governing Law

 This Agreement is governed by the laws of England and Wales, and the courts of England and Wales shall have exclusive jurisdiction.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by