Data Access Environment End User Access Agreement (EUAA)

1.1 Please read this EUAA carefully before you start to use the Data Access Environment. The obligations set out in this EUAA are also obligations under the Data Sharing Framework Contract and the Data Sharing Agreement that your organisation has agreed with NHS Digital. Please ensure that you are familiar with the terms and conditions of your organisation's Data Sharing Agreement before accessing and using the Data Access Environment.

1.2. Your use of the DAE is also subject to your compliance with your organisation's DSFC and the relevant DSA(s).

1.3. This is version 2.0 of this EUAA, which was most recently updated on 12 July 2022.

2.1 The following definitions are used in this EUAA:

Data has the same meaning as set out in the Data Sharing Framework Contract.

Data Access Environment or DAE means the secured way for you to access, analyse, and/or save reports related to certain NHS Digital content, which can be accessed from NHS Digital, or by using your login details.

Data Sharing Agreement or DSA means the agreement(s) which an organisation must enter into after signing a Data Sharing Framework Contract to allow access to particular NHS Digital data, copies of which are available to you in the DAE.

Data Sharing Framework Contract or DSFC means the agreement which an organisation must enter into if it wishes to receive and use any of NHS Digital's data, including personal data, setting out the legally binding terms which will apply to each and every occasion data is used by you or an organisation, as referenced in the DSA.

End-User Access Agreement or EUAA means this agreement (together with the documents and links referred to in it) setting out the terms and conditions on which you may use the Data Access Environment.

Intellectual Property Rights has the same meaning as set out in the Data Sharing Framework Contract.

Login details means the user name and password which you use to access the Data Access Environment.

Network provider means the provider of your network or other facility which you use to obtain internet connectivity and access.

NHS Digital content means the material in the Data Access Environment, which may include:

• Login details and associated information, website and portal designs, commercial data, information, text, standards, images, interactive services, reports, and any other works or materials,
• but excludes the data as defined in the DSFC.

Organisation means the entity authorised by NHS Digital to access the Data Access Environment after entering into a Data Sharing Framework Contract and applicable Data Sharing Agreements.

Privacy policy means that policy identified in paragraph 5.1.

Third-party tool(s) means certain third-party tools, products, or services (including any enhancements, upgrades or versions thereof) which we make available to you from time to time for use in the management, analysis and/or modelling of NHS Digital content or data within the DAE.

Third-party tool provider means the provider of a third-party tool.

Virus means computer viruses, trojans, worms, logic bombs, disabling code or routines, or other materials which are malicious or technologically harmful.

We, our, us, and NHS Digital are references to the Health and Social Care Information Centre, a non-departmental public body established under Section 252 of the Health and Social Care Act 2012.

You or your means the personnel, contractor, agent, or authorised representative of an organisation accessing and using the Data Access Environment.

3.1. This EUAA (together with the documents and links referred to in it) set out the terms and conditions on which you may use the DAE.

3.2. You may access and use the DAE only if you: (i) are an authorised user of the DAE under an applicable valid Data Sharing Agreement of an authorised organisation; (ii) personally agree to be legally bound by this EUAA every time you access the DAE; and (iii) only as directed by us (for example) if you have provided access through a third party workspace such as AWS, you will not attempt to make direct connection to the DAE). If at any time you do not agree to be legally bound by this EUAA you may not access or use the DAE.

3.3. By using the DAE, you are: (i) accepting and consenting to the terms described in this EUAA (such use of the DAE includes accessing, viewing, interacting with, logging in to, downloading materials or data from, uploading content, or using the DAE in any other way); and (ii) confirming that you accept this EUAA and that you agree to comply with it.

4.1. We may make changes at our discretion to the content and features of the DAE, this EUAA, the terms and conditions applicable to any third-party tool, Appendix A, the privacy policy, and any other policies or links applicable to your use of the DAE, at any time and for any reason without providing notice of those changes to you.

4.2. Every time you wish to use the DAE, please ensure that you understand and agree to the provisions that apply at the time. The date of the most current version of this EUAA is set out above in paragraph 1.3.

4.3. Your access and continued use of the DAE after an update has been made signifies your acceptance of those changes. Depending on the update, you may not be able to use the DAE (or any of its functions, or access Data) unless you have accepted any new or additional terms.

5.1 When you access the DAE, we process information about you. We will only use your personal information in accordance with our privacy policy. By using the DAE you warrant that all data provided by you for verification of identity, access, and security purposes is accurate.

5.2 You acknowledge and agree that we and our licensors may collect certain usage data regarding your usage of the DAE ("Usage Data") and that the relevant licensor shall be the owner of such Usage Data.  You acknowledge and agree that the relevant licensor is acting as NHS Digital's processor of any personal data you submit into the DAE and is not acting as your direct processor.  You agree that you will bring any requests or concerns regarding personal data, privacy, data protection or security to NHS Digital rather than any licensor.

5.3 Subject to the rest of this EUAA, we are responsible for managing the DAE and your access to the DAE and will therefore have access to any data and any analysis done by you within the DAE.

6.1 The data rights and responsibilities of NHS Digital are governed by the Freedom of Information Act 2000, the General Data Protection Regulation 2016/679, and the Data Protection Act 2018.

Find our policy and other information on this topic. 

7.1 Your status as a user of the DAE requires your organisation to enter into a DSFC and a DSA with us, and then to receive our confirmation as to your status, which we may give or remove at any time at our discretion for any reason. Your organisation must then also authorise you to access the DAE.

7.2. As further set out in the relevant DSA, you recognise that we may on occasion need to recall and resupply data.

7.3. Our assumption is that your access to the DAE will be from within England, and we are not responsible or liable for your compliance with any local laws, should you seek to access the DAE outside of England. We may limit the availability of the DAE to any person or geographic area at any time at our discretion.

7.4. You recognise that the DAE is a service with other users, and that access or capacity may on occasion be limited. You will comply with any guidance as to fair use that may be given by us from time to time. You recognise that we may need to suspend or throttle usage that is in excess of fair usage at our discretion or where we consider it may impact other users.

7.5. You may only use and save data from the DAE within the DAE, unless we have provided you with permission to download, use, and save that particular data in a secured location outside of the DAE as set out in the applicable DSA. This permission may be granted or withdrawn in accordance with that DSA.

7.6. Uploading your own content to the DAE is only permitted where this is set out and agreed in the applicable DSA. Should you wish to upload content to the DAE you must provide such content to us for us to upload to the DAE.

7.7. Your use of any of the third-party tools available within the DAE may require you to agree to additional terms and conditions in relation to that particular third-party tool before it may be used. Further, your use of any third-party tool will also at all times be subject to: (i) us making that third-party tool available to you; (ii) any controls and/or reasonable use restrictions which we put in place; (iii) the end-user obligations set out in Appendix A; and (v) the terms of the applicable DSA. The availability of any third-party tool will be solely at our discretion.

8.1 We aim to make the DAE accessible (subject to the controls) and comply with standards which should work on the majority of browsers in use. However, we offer no warranty for the DAE working in any particular browser or configuration. Please note that you may see inconsistencies in the presentation of pages if you are using an older or deprecated version of a browser, or the DAE may not work at all.

Find out more about accessibility.

9.1 In order to use the DAE and/or access certain content, systems, or features of the DAE, your organisation will first need to identify you as an authorised user in relation to the applicable DSA. You may need to complete an online registration form and create or update login details. These login details will consist of a user identification name and password. You may be asked to provide additional information as required as part of our security procedures.

9.2. As a minimum, passwords you use to access the DAE must have a level of complexity which ensures they cannot be easily guessed by hackers or malicious software, and be in accordance with government best practice.

9.3. We may ask you to change your login details, or manually enter your login details from time to time as a security measure. We do not recommend using biometric data (such as fingerprints or facial recognition) to store your login details if other people can also access your device using their biometric data.

9.4. You agree to provide true, accurate, current and complete information about yourself when registering for and using the DAE and you agree to keep this information up to date and accurate at all times.

9.5. Unless directly caused by us, you are responsible for, and agree to hold us harmless from, any unauthorised access or changes made to your login details or account resulting from shared or unauthorised access to your device or other individuals having access to your login details.

9.6. You must treat your login details as confidential and you must not disclose it to anyone. If you know or suspect that anyone other than you knows your login details or that your access to the DAE has been compromised, you must promptly: (i) notify the NHS Digital National Service Desk by writing to [email protected] or by calling +44 300 303 5035; and (ii) if possible to do so, change your login details.

9.7. If you cease to be authorised by the organisation at any time then you must cease using your login details and accessing the DAE immediately. You or your organisation is required to notify us as set out in the DSA.

10.1. You may only use the DAE for lawful purposes and in accordance with this EUAA, and agree not to access without authority, interfere with, damage or disrupt:
    (i) any part of the DAE or any of the Data found therein;
    (ii) any equipment or network on which the DAE is stored;
    (iii) any software or services used in the provision of the DAE; and/or
    (iv) any equipment or network or software owned or used by any third-party.

10.2. You may not use the DAE:
    (i) in any way that breaches this EUAA or any applicable local, national, or international law or regulation;
    (ii) in any way that breaches your Organisation's DSFC and applicable DSA(s);
    (iii) unlawfully, fraudulently, maliciously, or in any way that is harmful to us, any Third-Party Tool Provider or other users,                that has any unlawful, fraudulent, malicious, or harmful purpose or effect;
    (iv) to send, knowingly receive, upload, download, use or re-use any material which you do not have the right to do so or                which does not comply with this EUAA;
    (v) to transmit, or procure the sending of any (a) unsolicited or unauthorised advertising or promotional material or any                  other form of similar solicitation (spam) or (b) bank, credit card or other financial account related data or credentials;
    (vi) to knowingly send or transmit any data that contains Viruses;
    (vii) with the Login Details of another user, or permit any unauthorised person to use your Login Details to use the DAE;
    (viii) in any way which would change the DAE or infringe on any intellectual property rights in relation to using the DAE;
    (ix) in any way which attempts to unencrypt or otherwise intercept any transmission of data to or from the DAE or any                    applicable third parties; and/or
    (x) in any way which could disable or compromise the security of the DAE, or that belonging

11.1. The Intellectual Property Rights pertaining to your use of the Data are set out in your Organisation's DSFC and/or the applicable DSA.

11.2. NHS Digital or its licensors own all Intellectual Property Rights in the DAE and the NHS Digital content. Your licence to use the DAE and the NHS Digital content is as set out in the DSFC and DSA, and applies whilst you are an authorised user of the DAE.

12.1. Unless otherwise permitted by the applicable DSA, you may not upload, or attempt to upload, any content to the DAE. Under no circumstances may you upload any content to the DAE which is not owned by your organisation or which you are not authorised to upload on behalf of your organisation, and which has not been approved by NHS Digital through the application process associated with the DSA applicable to your use of the DAE.

13.1. We are not responsible for the content or reliability of any external websites we may link to from the DAE and do not endorse the views expressed within them. We aim to replace broken links to websites but cannot guarantee that these links will always work as we have no control over the availability of those websites.

13.2. Due to the very nature of the internet we cannot guarantee the DAE or any websites we link to will always be available to you.

14.1. NHS Digital's liability position in relation to this EUAA is set out in the DSFC.

14.2. For the avoidance of doubt, we will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with: (i) use of, or inability to use, the DAE; or (ii) any loss in connection with any error, omission, defect, virus, or system failure.

14.3. We will not be liable for any loss or damage caused by a Virus which may infect your device, computer equipment, computer programs, data or other proprietary material due to your use of the DAE or in relation to your downloading of any content or data from the DAE, or on or from any third party website linked to the DAE.

14.4. We do not assume any responsibility for the content of third-party websites which may be linked on the DAE. Such links should not be interpreted as an endorsement of those linked websites. We will not be liable for any loss or damage that may arise from your use of them.

14.5. To the extent permitted by law, we exclude all other conditions, warranties, representations or other terms which may apply to the DAE or any data or content on it, whether express or implied.

14.6. You agree to reimburse us for any losses that we incur as a result of your: (i) breach of, or failure to comply with, this EUAA; or (ii) unauthorised use of the DAE.

15.1. We do not guarantee that the DAE will always be available or that your use of the DAE will be uninterrupted. Access to the DAE is permitted on a temporary basis.

15.2. We may suspend, withdraw, discontinue or change all or any parts of the DAE without notice and without compensation to you.

15.3. We may, at any time, suspend or terminate your Login Details and/or use of the DAE (in whole or in part) temporarily or permanently. We may do this:
    (i) if we, or a third party which provides some or all of the services related to the DAE, are making repairs, updates, or                    conducting maintenance on our tools and systems or those related to the third party companies or services;
    (ii) if we have concerns about the security of the DAE;
    (iii) if we suspect that your Login Details have been compromised or used fraudulently or in an unauthorised way;
    (iv) if we suspect that you may be using the DAE or any data in a fraudulent or unauthorised way or in violation of this                      EUAA;
    (v) if there are legal obligations which we have to meet;
    (vi) if we are prevented from providing the DAE for any reason beyond our reasonable control;
    (vii) if you have not accessed or used the DAE for a period of 12 months or more; or
    (viii) for any other reason at our absolute discretion.

15.4. We will endeavour to give you advance notice of any suspension or termination, but may not be able to do so in all circumstances. We will not provide notice to you if providing that notice would compromise our security measures or is unlawful.

15.5. You may request the reactivation of your Login Details if we suspended or terminated your access, but we are under no obligation to do so.

15.6. We will not be liable to you if for any reason any part of the DAE is unavailable or inaccessible to you at any time or for any period.

15.7. You can terminate your use of the DAE at any time by writing to [email protected] or by calling +44 300 303 5035 and by no longer using your login details. It is your responsibility to remove any saved login details from your device if you wish to terminate your use of the DAE, or if you change your device or otherwise dispose of it, or if you cease to be authorised by your organisation.

15.8 On termination of this EUAA or your right to use the DAE, you must stop using the DAE and any Third-Party Tools immediately and permanently remove from your systems any copies of Third-Party Tools (and associated documentation), if any. Promptly (but within 30 days) after a request from us, you must certify that you have done do (or, if applicable, that no such copies existed).

16.1. We do not guarantee or warrant that the DAE will be secure or free from viruses, that the functions of the DAE will be uninterrupted or error free, that defects will be corrected, or represent the full functionality, accuracy, or reliability of the materials or data.

16.2. You are responsible for configuring your accessing device in order to access the DAE safely. You should use and maintain your own virus protection software.

16.3. You must not misuse the DAE by knowingly introducing viruses. You must not attempt to gain unauthorised access to the DAE, the server on which the DAE or related data is stored, or any server, computer or database connected to the DAE. You must not attack the DAE via a denial-of-service attack or a distributed denial-of service attack.

16.4. In using the DAE you are giving us, or an agent or representative appointed on our behalf, permission to: (i) carry out an audit at any time and without notice to you in relation to your use of the DAE; and (ii) share information with your organisation in relation to that audit and its findings.

17.1. By registering to use the DAE and receiving login details, you are giving us permission to contact you or your organisation from time to time by using any of the methods which you have authorised during the registration process, or as set out in the applicable DSA. You may update your preference at any time by making the appropriate selection when logged in on the DAE.

17.2. You are responsible for keeping us updated if your contact details change. We are not responsible if we are not able to contact you, or if your contact details are out of date.

18.1. If any part of this EUAA becomes or is held by a court to be invalid, illegal, or unenforceable, this will not affect the validity of the remaining provision which will remain in full force and effect.

18.2. Ceasing to use the DAE does not affect any provision of this EUAA, which are expressly or by implication intended to continue on in effect.

18.3. We may transfer our rights and obligations under this EUAA to another organisation at any time and at our discretion. You may not transfer your rights or obligations to anyone else.

18.4. No attempt by you to vary this EUAA will be valid.

18.5. This EUAA, its subject matter and formation (and any non-contractual disputes or claims), and the use of the website, are governed by English law. We both agree to the exclusive jurisdiction of the courts of England in respect of any disputes or causes of action arising under these terms and conditions or the use of the DAE.

19.1. If you have any queries about the use of the DAE or this EUAA, please contact us by email or post.

Email: [email protected] - include the following in your email subject line: Data Access Environment and your NIC number.

Post: NHS Digital, 7 and 8 Wellington Place, Leeds, West Yorkshire, LS1 4AP, United Kingdom - include the following reference in your letter: Data Access Environment and your NIC number.