Terms of Service

Version: 1 Effective date: 10 November 2025 Privacy Policy

DataMedic Ltd – Terms of Service

1. Introduction and Acceptance of Terms

Welcome to DataMedic Ltd ("DataMedic", "we", "us", or "our"). These Terms of Service ("Terms") constitute a legally binding agreement between you (the "User", "you", or "your") and DataMedic Ltd, governing your access to and use of our healthcare analytics platform, services, and related offerings (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use our Services.

Note: Important: These Terms apply to all users of our platform, including NHS GP practices, Primary Care Networks (PCNs), Integrated Care Boards (ICBs), healthcare professionals, pharmaceutical companies, and any other parties accessing our Services. Different user types may be subject to additional terms as specified in separate agreements.

Company Details
- Legal Name: DataMedic Ltd
- Company Number: 16197240
- Registered Office: 128 City Road, London, United Kingdom, EC1V 2NX
- Contact: info@datamedic.uk

2. Definitions

For the purposes of these Terms, the following definitions apply:

  • "Platform" means the DataMedic web-based application, dashboards, APIs, and associated technology infrastructure
  • "Services" means all services provided by DataMedic, including population health analytics, prescribing data analysis, bespoke research, and related offerings
  • "NHS Data" means patient data originating from NHS primary care clinical systems (EMIS, SystmOne/TPP)
  • "User Account" means the individual access credentials provided to authorized users
  • "Data Controller" means the NHS organisation (GP practice, PCN, ICB) that determines the purposes and means of processing patient data
  • "Data Processor" means DataMedic Ltd, which processes NHS patient data on behalf of Data Controllers
  • "Authorised Users" means individuals granted access by Data Controllers to view and analyze patient data
  • "Subscription" means paid access to specific clinical modules or "bolt-ons" within the Platform

3. Eligibility and Account Registration

3.1 Eligibility Requirements

You may only use our Services if you meet the following criteria:
- You are at least 18 years of age
- You are a healthcare professional, NHS employee, or authorised representative of an NHS organisation or pharmaceutical company
- You have the legal capacity to enter into binding contracts under applicable law
- You are not prohibited from accessing our Services under UK law or regulations
- Your organisation has entered into a valid Data Processing Agreement (DPA) or Master Services Agreement (MSA) with DataMedic (where applicable)

3.2 Account Registration

To access our Services, you must create a User Account by providing accurate, complete, and current information, including:
- Full name and job title
- Professional email address
- NHS organisation affiliation (for NHS users)
- Professional registration details (where applicable)

3.3 Account Security

You are responsible for:
- Maintaining the confidentiality of your login credentials
- All activities that occur under your User Account
- Notifying us immediately of any unauthorized access or security breach
- Ensuring your account information remains accurate and up to date

Note: Critical: Sharing login credentials is strictly prohibited and may result in immediate account termination and legal action.

3.4 Account Verification

DataMedic reserves the right to verify your identity and professional credentials before granting access to Services. We may request additional documentation, including NHS smartcards, professional registration certificates, or employment verification.

4. Description of Services

4.1 Core Platform Features

DataMedic provides the following core Services:
- Population Health Dashboards: Disease-specific analytics modules (obesity, diabetes, cardiovascular, respiratory conditions) aligned with NHS clinical guidelines and QOF indicators
- Data Import Management: Secure upload and processing of NHS primary care data extracts
- Insight Generation: Automated identification of patient cohorts eligible for interventions, health checks, and preventive care
- Prescribing Data Analysis: Analysis of English prescribing data (ePACT2/OpenPrescribing) for pharmaceutical market research
- Bespoke Analytics: Custom research projects and data analysis tailored to client specifications

4.2 Subscription-Based Access

Certain clinical modules ("Bolt-Ons") require active paid subscriptions. Access to these modules is subject to:
- Valid payment and subscription status
- Compliance with module-specific terms and usage restrictions
- Data Processing Agreements covering the scope of data accessed

4.3 Service Modifications

DataMedic may modify, suspend, or discontinue any aspect of the Services at any time, with or without notice, except where such changes would materially diminish the core functionality promised under a paid subscription.

5. User Obligations and Acceptable Use

5.1 Professional Use Only

You agree to use the Services exclusively for legitimate healthcare, research, or business purposes consistent with NHS data standards and UK law. Specifically, you agree to:
- Access patient data only for authorized clinical or analytical purposes
- Comply with all applicable data protection laws, including UK GDPR and the Data Protection Act 2018
- Follow NHS Information Governance requirements and your organisation's policies
- Maintain appropriate professional standards when handling sensitive healthcare information

5.2 Prohibited Conduct

You agree NOT to:
- Access or attempt to access data belonging to organisations you are not authorized to view
- Share, distribute, or republish patient-level data outside the Platform without proper legal authorization
- Attempt to re-identify anonymized or pseudonymized patient information
- Use the Services for any unlawful purpose or in violation of applicable regulations
- Reverse engineer, decompile, or attempt to extract source code from the Platform
- Introduce viruses, malware, or other malicious code
- Interfere with or disrupt the integrity or performance of the Services
- Use automated scripts, bots, or scrapers to extract data without authorization
- Impersonate another user or provide false information
- Circumvent security measures or access controls

5.3 Data Accuracy and Quality

When uploading data to the Platform, you represent and warrant that:
- You have the legal right and authority to upload and process the data
- The data is accurate, complete, and current to the best of your knowledge
- The data complies with NHS data extraction standards and formats
- You have obtained all necessary consents and approvals from your Data Controller

6. Data Processing and Privacy

6.1 Data Processor Role

DataMedic acts as a Data Processor on behalf of NHS organisations (Data Controllers). All processing of NHS patient data is governed by separate Data Processing Agreements (DPAs) that specify:
- The nature and purpose of data processing
- The types and categories of personal data processed
- Data retention periods and deletion procedures
- Security measures and technical safeguards
- Sub-processor arrangements (if any)

6.2 Privacy Policy

Our collection and use of personal information is governed by our Privacy Policy, which forms part of these Terms and is available at https://datamedic.uk/legal/privacy. By using our Services, you consent to the practices described in the Privacy Policy.

6.3 Data Security

We implement industry-standard security measures, including:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Role-based access controls and authentication
- Regular security audits and penetration testing
- UK or EEA-based data storage and processing
- DSPT compliance and Cyber Essentials certification

However, no system is completely secure. You acknowledge that data transmission over the internet carries inherent risks.

6.4 Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected Data Controllers within 24 hours and comply with all UK GDPR breach notification requirements.

7. Intellectual Property Rights

7.1 Platform Ownership

The Platform, including all software, algorithms, dashboards, documentation, and related materials, is the exclusive property of DataMedic Ltd and is protected by UK and international copyright, trademark, and intellectual property laws.

7.2 Limited License

Subject to your compliance with these Terms, DataMedic grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Services for your internal business or professional purposes. This license does not permit:
- Copying, modifying, or creating derivative works of the Platform
- Selling, renting, leasing, or sublicensing access to the Services
- Removing or altering proprietary notices or branding

7.3 User Data Ownership

You (or your organisation) retain all ownership rights to the NHS patient data you upload to the Platform. DataMedic claims no ownership over your data, except as necessary to provide the Services and as specified in Data Processing Agreements.

7.4 Feedback and Suggestions

If you provide feedback, suggestions, or ideas for improvements ("Feedback"), you grant DataMedic a perpetual, irrevocable, worldwide, royalty-free license to use, modify, and incorporate such Feedback into our Services without compensation or attribution.

8. Fees, Payment, and Subscriptions

8.1 Pricing

Certain Services require payment of subscription fees or project-based charges. Current pricing is available on our website or by contacting our sales team at info@datamedic.uk. Pricing is subject to change upon 30 days' notice to existing subscribers.

8.2 Payment Terms

Unless otherwise agreed in writing:
- Subscription fees are billed annually in advance
- Payment is due within 30 days of invoice date
- Late payments may incur interest under the Late Payment of Commercial Debts (Interest) Act 1998
- All fees are exclusive of VAT (which will be added where applicable)

8.3 Subscription Auto-Renewal

Subscriptions automatically renew for successive periods equal to the initial term unless you provide written notice of non-renewal at least 30 days before the renewal date.

8.4 Cancellation and Refunds

You may cancel your subscription at any time, but fees paid for the current subscription period are non-refundable except in cases of material breach by DataMedic. Cancellation takes effect at the end of the current billing cycle.

8.5 Suspension for Non-Payment

DataMedic may suspend access to paid Services if payment is more than 14 days overdue, following written notice to you.

9. Term and Termination

9.1 Term

These Terms commence when you first access the Services and continue until terminated by either party as described below.

9.2 Termination by You

You may terminate these Terms at any time by:
- Ceasing all use of the Services
- Requesting deletion of your User Account by contacting support@datamedic.uk
- Cancelling any active subscriptions

9.3 Termination by DataMedic

We may terminate or suspend your access immediately, without prior notice, if:
- You breach any provision of these Terms
- You fail to pay fees when due
- We reasonably believe your conduct poses a security or legal risk
- We are required to do so by law or regulatory authority
- Your Data Processing Agreement expires or is terminated

9.4 Effect of Termination

Upon termination:
- Your right to access the Services immediately ceases
- DataMedic will delete or return your data within 30 days, unless legal retention is required
- You remain liable for all fees accrued before termination
- Provisions relating to intellectual property, confidentiality, indemnification, and liability limitations survive termination

10. Warranties and Disclaimers

10.1 Service Availability

While we strive for high availability, we do not guarantee uninterrupted or error-free operation of the Services. We may perform scheduled maintenance with advance notice where feasible.

10.2 Data Accuracy

DataMedic processes and presents data as provided by users and third-party sources. We do not warrant the accuracy, completeness, or reliability of any data, insights, or recommendations generated by the Platform. Clinical decisions must always be made by qualified healthcare professionals using their professional judgment.

10.3 Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY UK LAW, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
- Implied warranties of merchantability, fitness for a particular purpose, or non-infringement
- Warranties regarding security, accuracy, reliability, timeliness, or performance
- Warranties that defects will be corrected or that the Services will be free from viruses or harmful components

Note: Important: This disclaimer does not affect your statutory rights as a consumer or limit our liability for matters that cannot be excluded under UK law (such as death or personal injury caused by negligence).

10.4 No Medical Advice

DataMedic does not provide medical advice, diagnosis, or treatment. The Services are analytical tools to support healthcare professionals in their clinical decision-making. All medical decisions remain the sole responsibility of qualified healthcare professionals.

11. Limitation of Liability

11.1 Exclusions

Nothing in these Terms excludes or limits DataMedic's liability for:
- Death or personal injury caused by negligence
- Fraud or fraudulent misrepresentation
- Breach of obligations implied by Section 2 of the Supply of Goods and Services Act 1982
- Any other liability that cannot be excluded or limited under UK law

11.2 Liability Cap

Subject to Section 11.1, DataMedic's total aggregate liability arising out of or in connection with these Terms or the Services, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the greater of:
- £100,000 (one hundred thousand pounds sterling), or
- The total fees paid by you to DataMedic in the 12 months preceding the event giving rise to the claim

11.3 Exclusion of Consequential Damages

To the maximum extent permitted by law, DataMedic shall not be liable for:
- Indirect, incidental, special, consequential, or punitive damages
- Loss of profits, revenue, business, data, or anticipated savings
- Loss of goodwill or reputation
- Business interruption
- Claims, damages, or losses arising from third-party actions

This exclusion applies even if DataMedic has been advised of the possibility of such damages.

11.4 Force Majeure

DataMedic shall not be liable for any failure or delay in performing obligations under these Terms due to circumstances beyond our reasonable control, including acts of God, war, terrorism, pandemic, governmental actions, internet disruptions, or failures of third-party services.

12. Indemnification

You agree to indemnify, defend, and hold harmless DataMedic Ltd, its directors, officers, employees, agents, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or in connection with:
- Your breach of these Terms or violation of applicable laws
- Your misuse of the Services or Platform
- Unauthorized access to or use of your User Account
- Data you upload to the Platform, including any claims of infringement or breach of third-party rights
- Your violation of the rights of any third party
- Any clinical decisions made using insights generated by the Platform

DataMedic may assume exclusive defence and control of any matter subject to indemnification, in which case you agree to cooperate fully.

13. Confidentiality

13.1 Confidential Information

"Confidential Information" means non-public information disclosed by one party to the other, including technical data, business plans, pricing, customer information, and NHS patient data.

13.2 Obligations

Each party agrees to:
- Keep Confidential Information strictly confidential
- Use Confidential Information only for the purposes of these Terms
- Not disclose Confidential Information to third parties without prior written consent, except as required by law
- Implement reasonable security measures to protect Confidential Information

13.3 Exceptions

Confidential Information does not include information that:
- Is or becomes publicly available through no breach of these Terms
- Was lawfully known prior to disclosure
- Is independently developed without reference to Confidential Information
- Is rightfully received from a third party without confidentiality obligations

13.4 Duration

Confidentiality obligations survive termination of these Terms for a period of five (5) years, except for NHS patient data, which must remain confidential indefinitely unless anonymized.

14. Compliance with Laws and Regulations

14.1 Applicable Laws

You agree to comply with all applicable UK and international laws, regulations, and standards, including but not limited to:
- UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Human Rights Act 1998 (Article 8 - right to privacy)
- Health and Social Care Act 2012
- NHS Information Governance requirements
- NHS Digital Data Security Standards (DSPT)
- Caldicott Principles
- Computer Misuse Act 1990

14.2 Professional Standards

Healthcare professionals using the Services must comply with their respective professional body standards and codes of conduct (e.g., GMC, NMC, GPhC).

14.3 Export Control

You agree not to export or re-export data or Services to countries subject to UK or international sanctions or embargoes.

15. General Provisions

15.1 Entire Agreement

These Terms, together with the Privacy Policy and any applicable Data Processing Agreements or Master Services Agreements, constitute the entire agreement between you and DataMedic regarding the Services and supersede all prior agreements, understandings, and representations.

15.2 Amendments

DataMedic may update these Terms from time to time. We will provide notice of material changes by:
- Posting the updated Terms on our website with a revised "Effective Date"
- Sending an email notification to registered users
- Displaying a prominent notice within the Platform

Continued use of the Services after the effective date constitutes acceptance of the updated Terms. If you do not agree to changes, you must discontinue use of the Services.

15.3 Assignment

You may not assign or transfer these Terms or your rights hereunder without DataMedic's prior written consent. DataMedic may assign these Terms in connection with a merger, acquisition, or sale of assets without your consent.

15.4 Severability

If any provision of these Terms is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it enforceable.

15.5 Waiver

No waiver of any provision of these Terms shall constitute a waiver of any other provision or subsequent breach. Failure to enforce any right or provision does not constitute a waiver of that right.

15.6 Third-Party Rights

These Terms do not confer any rights on third parties under the Contracts (Rights of Third Parties) Act 1999.

15.7 Notices

All notices must be in writing and sent to:
DataMedic Ltd, 128 City Road, London, United Kingdom, EC1V 2NX
Email: info@datamedic.uk

15.8 Governing Law and Jurisdiction

These Terms are governed by the laws of England and Wales. Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

15.9 Dispute Resolution

Before initiating formal legal proceedings, parties agree to attempt to resolve disputes through good-faith negotiation. If negotiation fails after 30 days, either party may pursue legal remedies.

16. Contact Information

For questions, concerns, or notices regarding these Terms of Service, please contact us:

General Enquiries
- Email: info@datamedic.uk
- Post: DataMedic Ltd 128 City Road London, United Kingdom EC1V 2NX

Technical Support
- Email: support@datamedic.uk
- Companies House: Company 16197240

Acknowledgment: By using DataMedic's Services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service. If you have questions or require clarification on any provision, please contact us before using the Services.

Document Control
Version: 1.1
Last Updated: November 10, 2025
Next Review: November 10, 2026 (or sooner if regulatory changes require updates)

NHS & UK GDPR Operational Assurances

Roles and Scope

  • NHS customer data: We act as a Processor and process personal data only on the documented instructions of the Controller and as necessary to deliver the services.
  • Open/public datasets: For services that use only open data (e.g., EPD) with no personal data, DataMedic acts as an independent Controller for those non-personal data flows and derived analytics.

Data Processing (Article 28) – Balanced Commitments

  • We maintain Records of Processing Activities (ROPA) relevant to our processor services and will make available information, third-party audit reports or summaries necessary to demonstrate Article 28 compliance, subject to reasonable notice and confidentiality.
  • We assist Controllers with data subject requests within five (5) business days of a valid instruction.
  • We implement appropriate technical and organisational measures (TOMs) proportionate to risk, aligned to NDG 10 and ISO-27001-style controls.
  • We provide 30 days’ notice before appointing or replacing sub-processors. Controllers may object on reasonable data-protection grounds; failing which, we may proceed to avoid service interruption.
  • We notify the Controller of personal data breaches without undue delay and within 24 hours of becoming aware, and support the Controller with investigation and any required ICO notification within 72 hours.

International Transfers

We do not routinely transfer personal data outside the UK. Where necessary, we will rely on a valid UK transfer mechanism (e.g., IDTA or UK Addendum to the EU SCCs) and perform transfer risk assessment activities.

Business Continuity & Service Levels

We maintain and test BCP/DR; target RPO ≤ 24h and RTO ≤ 8h for production services unless otherwise agreed. Routine maintenance windows and change notifications follow our change management policy.

Intellectual Property and Terminologies

  • SNOMED CT® is used under licence from the UK Terminology Centre; no sublicence or extended rights to terminology content are granted.
  • Open-data analytics (e.g., EPD) are provided under the relevant open-data licences with appropriate attribution and suppression; customers must not attempt re-identification from aggregated outputs.

Precedence and Flexibility

Where a separate Data Processing Agreement (DPA) is in place with an NHS customer, the DPA prevails for data-protection terms if there is any conflict with this ToS. Nothing in this ToS requires obtaining new permissions for routine processing activities already covered by the Controller’s instructions and the DPA.

See also: Privacy Policy. Questions about this document? Contact us.