This webpage is only available in English

Due to COVID-19 we are currently unable to guarantee our normal turnaround time for processing Data Access Requests.

We are working as fast as we can under the current conditions, but regret we cannot commit to any deadlines.

APPLYING FOR DATA: DATA POLICY

All relevant documents related to applying for data can be found at the bottom of this page.

 

Data usage for scientific research or reasons directly related to treatment of the patient

 

One of the main goals of Hartwig Medical Foundation is to make our data available for scientific research. This scientific research must contribute to the improvement of treatment of cancer and must serve the public interest within the boundaries of privacy legislation. Only data that is required for the underlying research project may be requested. 

There are four data request scenarios (and thereby different routes that can be followed to obtain access to the data):

1. The researcher wants to request access to data from several hospitals. In this scenario the researcher can, but does not need to be affiliated with a hospital that has contributed samples to the Hartwig Medical Database. The Data Access Request procedure applies.

 

2. The researcher wants to request access to data only from the hospital he/she is affiliated with and for research purposes other than that described in the original study design (data reuse). The Data Access Request procedure applies here too. Although this access request only covers data from the hospital the researcher is affiliated with, the request concerns data reuse and the Data Access Request procedure is specifically designed to assess whether the applicable research complies with the ethical and legal constraints in relevant legislation and the terms of the informed consent that was signed by the patient.

 

3. The treating physician (or a researcher on their behalf) wants to request data of patient(s) from the hospital he/she is affiliated with for reasons directly related to treatment of the patient. The Clinical Request procedure applies.

 

4. The researcher wants to request access to data only from the hospital he/she is affiliated with for research purposes described in the original study design. The Clinical Request procedure applies.

 

Please consult our Data Guide for details on the data available for research.

Data Access Request procedure

1. To request data access following the Data Access Request procedure, please send an email to info@hartwigmedicalfoundation.nl including the name, surname and email address of the main applicant. We will contact you within a week and provide information on how to submit an online Data Access Request. For details on the procedure, please read the General instructions for completing a Data Access Request.

 

2. During the Data Access Request procedure, you will need to create a Google Cloud Platform account (using the institutional email address of the donwload contact indicated in the Data Access Request form) and enable multi-factor authentication. For instructions, please read Creating a Google Cloud Platform account.

 

3. The Data Access Request will go through scientific assessment and will be reviewed by the independent Data Access Board within six weeks of receipt of the completed and signed online Data Access Request form.

 

4. If the Data Access Request is approved, the researcher, the Licensee and a representative of Hartwig Medical Foundation must jointly sign the ‘License Agreement for EEA countries’ or the ‘License Agreement for non-EEA countries’, which establish the rights and obligations governing the use of the data.

 

5. Hartwig Medical Foundation will make the licensed data available through the Google Cloud Platform after the License Agreement has been signed by all parties. Making the data available requires a valid GCP account with multi-factor authentication enabled that has been created using the institutional email address of a download contact of the Data Access Request (for instructions, please read Creating a Google Cloud Platform account).

 

If you wish to know more about the Data Access Request procedure, please read the Guiding Principles and the Rules of Procedure at the bottom of this page. If you have any other questions, please read the FAQs or send an email to info@hartwigmedicalfoundation.nl.

 

Adding a download contact to an approved Data Access Request

1. As stipulated in article 4.5 of the License Agreement, the organization (the Licensee) must make a request to add new users as download contacts to a Data Access Request. These users must be involved in the project and working in the organization with the approved Data Access Request.
2. The person who signed the License Agreement on behalf of the institution (and not the main applicant/researcher) can send us an email with a formal request to add a download contact, including the number of the Data Access Request and the name, position and email address of the new download contact.
3. We will send an email to confirm receipt.
4. We can thereafter make the data available for the new ‘download contact’ through the Google Cloud Platform. This requires a valid GCP account with multi-factor authentication enabled that has been created using the new download contact’s institutional email address (for instructions, please read Creating a Google Cloud Platform account).

Request for extension of usage of the data of the Data Access Request

A Licensee may request an extension of the term during which they may use the licensed data. The Licensee will receive a reminder to do so near the end of the term of the Data Access Request. An extension can be requested by completing an online request form and can optionally include a one-time update of the licensed data. The request for extension will also be assessed in accordance with the Rules of Procedure and Guiding Principles for Data Access Requests.

The licensee will be informed whether their request for extension has been granted. 

Note: the above procedure does not apply for DR-001 to DR-134. Instead you can download and complete the Data Access Request Renewal form and email it to info@hartwigmedicalfoundation.nl.

Approved Data Access Requests

If you wish to know which Data Access Requests have been submitted and approved, please refer to the list of approved Data Access Requests.

Clinical Request procedure

Approval of the request (with description of the purpose, i.e. medical reason or original study purpose) should be collected from the Central study organization/PI and the Local study PI of the hospital the applicant is affiliated with. Please use this standard form to get approval and submit the request. The approved request can be sent to ict@hartwigmedicalfoundation.nl, after which the data will be prepared and made available through the Google Cloud Platform within one week. Note: making the data available requires a valid GCP account with multi-factor authentication enabled that has been created using the institutional email address of the person registered in the standard form (for instructions, please read Creating a Google Cloud Platform account).

Handling data with due care

To ensure the correct use of data provided by patients and institutions, the core values of Hartwig Medical Foundation have been translated into basic Guiding Principles in four different fields (social, ethical, legal and contractual). It goes without saying that Hartwig Medical Foundation applies a strict privacy policy to the use of personal data.

European privacy legislation

In keeping with European privacy legislation (i.e. the General Data Protection Regulation, or GDPR), specific arrangements apply for providing data to parties residing in a country outside the European Economic Area (EEA).

On July 16th the EU Court of Justice (CoJ) passed judgment in the Schrems II case. In this judgment the EU-US Privacy Shield framework was declared invalid. This is part of the legal basis on which we transfer our data to US based parties, the other one being the EU Model Clauses. The judgment also raised the bar for data transfers to other non-EEA based parties, for whose jurisdiction the European Commission did not issue a so called adequacy decision.

What does this mean?

We can only transfer data to non-EEA parties if we can establish that the level of protection of data in such jurisdiction is adequate and the necessary contractual and technical measures are in place.

How do we establish this?

• We have adopted a questionnaire for non-EEA parties based in jurisdictions without an adequacy decision to fill out. Based on the answers provided we will assess the level of data protection. The questionnaire is available for download below.
• A license agreement specifically for non-EEA parties based in jurisdictions without an adequacy decision. The license agreement is available for download below.
• The technical measures in place to protect data from unwanted/unauthorized access already met the required standards.

Download the questionnaire for non-EEA parties

If your institution is a non-EEA party based in a jurisdiction without an adequacy decision, the questionnaire needs to be completed and the draft license agreement is to be agreed upon in advance, in order to be eligible for a data access.

Note: EEA-based parties are generally only subject to the Hartwig Medical Foundation’s ‘License Agreement for EEA countries’, also available for download below.

Rules for publication

Researchers making use of data provided by Hartwig Medical Foundation will have to explicitly acknowledge this in every publication, by using at least the text below.

This publication and the underlying research are partly facilitated by Hartwig Medical Foundation and the Center for Personalized Cancer Treatment (CPCT) which have generated, analysed and made available data for this research.

For an exact description read our complete Publication Policy.