Central Metadata Terms and Conditions

Central Metastore T&Cs

1. Introduction

1.1 Please read these terms carefully before you start to use this "Central Metastore" service available at https://healthandcaremetadata.uk/ which enables Authorised Users to view information about NHS England datasets. NHS England shall provide you with your access and Login Details once you are accepted as an Authorised User

If the Login Details you receive do not relate to you or do not work then please cease access and contact NHS England using the contact details in section 20 below.

2. Definitions

2.1 The following definitions are used in this EUAA:

Agreed Purpose means reviewing and identifying available data sets which the Authorised User may wish to apply for access to (subject to other processes and terms)

Authorised User means an individual who has followed the registration process for the Central Metastore;

Central Metastore means the service available at https://healthandcaremetadata.uk/ which enables you to view information about NHS England datasets;

Data means the metadata held in the Central Metastore;

End User Access Agreement or EUAA means these terms (including the documents and links referred to), which set out the terms and conditions on which you may use the Central Metastore;

Intellectual Property Rights means all intellectual property rights including copyright, database rights, trademarks and trade names, patents, topography rights, design rights, trade secrets, know-how and all rights of a similar nature or having similar effect which subsist anywhere in the world, whether or not any of them are registered and applications for registrations of any of them;

Login Details means the Authorised User’s username and password to access the Central Metastore;

NHS England Content means the material in the Central Metastore, which includes: the Data and associated information; website and portal designs; commercial data; information; text; standards; images; interactive services; reports; and any other works or materials.

Virus means computer viruses, trojans, worms, logic bombs, disabling code or routines, or other materials which is malicious or technologically harmful; and

we, our, us and NHS England are references to the Health and Social Care Information Centre, a non-departmental public body established under Section 252 of the Health and Social Care Act 2012.

3. Terms of use

3.1 This EUAA (together with the documents and links referred to in it) set out the terms and conditions on which you may use the Central Metastore.

3.2 Only named Authorised Users may access the Central Metastore.

3.3 By using the Central Metastore, you are: (i) confirming you are an Authorised User; (ii) accepting and consenting to the terms described in this EUAA; and (iii) confirming that you accept this EUAA and agree to comply with it.

4. Changes and updates

4.1 We may make changes at our discretion to the content and features of the Central Metastore, this EUAA, the terms and conditions applicable to any third party tool, product, or service used to manage, analyse, or model any part of the Central Metastore, Data or NHS England Content (as detailed in clause 6 and Appendix A), and any other policies or links applicable to your use of the Central Metastore (collectively an update), at any time and for any reason without providing notice of those changes to you.

4.2 Your access and continued use of the Central Metastore after an update has been made signifies your acceptance of those changes. Depending on the update, you may not be able to use the Central Metastore (or any of its functions, or access Data) unless you have accepted any new or additional terms.

5. Information about you

5.1 When you access the Central Metastore, we process information about you. We will only use your personal information in accordance with our Privacy Policy. By using the Central Metastore, you warrant that all data provided by you for verification of identity, access, and security purposes is accurate.

6. Using the Central Metastore

6.1 In order to use the Central Metastore you must be and remain an Authorised User.

6.2 You recognise that we may on occasion need to amend, replace, recall and resupply Data.

6.3 Our assumption is that your access to the Central Metastore will be from within England, and we are not responsible or liable for your compliance with any local laws, should you seek to access the Central Metastore outside of England. We may limit the availability of the Central Metastore to any person or geographic area at any time at our discretion.

6.4 You recognise that the Central Metastore is a service with other users, and that access or capacity may on occasion be limited. You will comply with any guidance as to fair use that may be given by us from time to time. You recognise that we may need to suspend or throttle usage that is in excess of fair usage at our discretion or where we consider it may impact other users.

6.5 You acknowledge that we may audit all users’ usage of the Central Metastore at any time.

7. Accessibility and browsers

7.1 We aim to make the Central Metastore accessible and comply with standards which should work on the majority of browsers in use. However, we offer no warranty that the Central Metastore will work in any particular browser or configuration. Please note that you may see inconsistencies in the presentation of pages if you are using an older or deprecated version of a browser, or the Central Metastore may not work at all. Learn more about information on accessibility

8. Registration, login and security

8.1 In order to use the Central Metastore and access its content, systems, or features, you must request access by going to Central Metastore. These Login Details will consist of a user identification name and password, which you must change to a password of your choice on first log-in.  You may be asked to provide additional information as part of the registration process as part of our security procedures.

8.2 As a minimum, passwords you use to access the Central Metastore must have a level of complexity which ensures they cannot be easily guessed by hackers or malicious software and be in accordance with Government best practice which can be found here: Password Security Guidelines

8.3 We may ask you to change your password, or manually enter your Login Details from time to time as a security measure. We do not recommend using biometric data (such as fingerprints or facial recognition) to store your Login Details if other people can also access your device using their biometric data.

You agree to provide true, accurate, current and complete information about yourself when registering for and using the Central Metastore and you agree to keep this information up to date and accurate at all times.

8.5 Unless directly caused by us, you are responsible for, and agree to hold us harmless from, any unauthorised access or changes made to your Login Details or account resulting from shared or unauthorised access to your device or other individuals having access to your Login Details.

8.6 You must treat your Login Details as confidential and you must not disclose it to anyone. If you know or suspect that anyone other than you knows your Login Details or that your access to the Central Metastore has been compromised, you must promptly: (i) notify the NHS England National Service Desk by emailing ssd.nationalservicedesk@nhs.net or by calling +44 300 303 5035; and (ii) if possible to do so, change your Login Details.

9. Prohibited use of the Central Metastore

9.1 You may only use the Central Metastore for lawful purposes and in accordance with this EUAA, and agree not to access without authority, interfere with, damage or disrupt:

  1. any part of the Central Metastore or any of the Data found therein;
  2. any equipment or network on which the Central Metastore is stored;
  3. any software or services used in the provision of the Central Metastore; or
  4. any equipment or network or software owned or used by any third-party.

9.2 You may not use the Central Metastore:

  1. in any way that breaches this EUAA or any applicable local, national, or international law or regulation;
  2. unlawfully, fraudulently, maliciously, or in any way that is harmful to NHS England or other users, or has any unlawful, fraudulent, malicious, or harmful purpose or effect;
  3. to send, knowingly receive, download, use or re-use any material which does not comply with this EUAA;
  4. to transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam);
  5. to knowingly send or transmit any data that contains Viruses;
  6. with the Login Details of another user, or permit any unauthorised person to use your Login Details to use the Central Metastore;
  7. in any way which would change the Central Metastore or infringe on any Intellectual Property Rights in the Central Metastore, Data or NHS England Content;
  8. in any way which attempts to unencrypt or otherwise intercept any transmission of data to or from the Central Metastore or any applicable third parties; or
  9. in any way which could disable or compromise the security of the Central Metastore or the infrastructure on which it is located, or  interfere with the use of the Central Metastore by other parties.

10. Intellectual property rights

10.1 NHS England is the owner or licensee of the Intellectual Property Rights in the Data, the NHS England Content, and any of the tools provided or used in the management, analysis, and modelling of Data.

10.2 Unless otherwise permitted in writing, you do not have permission to use the NHS England name or branding.

10.3 You shall retain all attribution marks on the Data.

11. External links from the Central Metastore

11.1 We are not responsible for the content or reliability of any external websites we may link to from the Central Metastore and do not endorse the views expressed within them. We aim to replace broken links to websites but cannot guarantee that these links will always work as we have no control over the availability of those websites.

11.2 Due to the very nature of the internet we cannot guarantee the Central Metastore or any websites we link to will always be available to you.

12. Exclusion of liability

12.1 Nothing in this EUAA shall limit either party's liability to the other for: (i) death or personal injury resulting from the negligence of its employees, agents or subcontractors; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability that cannot be excluded or limited as a matter of law.

12.2 Except as set out in clause 12.1, we shall in no circumstances be liable to you for:

  1. any loss of profits, revenue, opportunity, contracts, sales, turnover, anticipated savings, goodwill, reputation, business opportunity, production, or loss to or corruption of data (regardless of whether any of these losses or damages are direct, indirect or consequential); or
  2. any indirect or consequential loss or damage whatsoever (including where such loss or damage is of the type specified in (i)).

12.3 Except as set out in clause 12.1, we will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:

  1. use of, or inability to use or access, the Central Metastore;
  2. any loss in connection with any error, omission, defect, Virus, or system failure;
  3. any loss or damage caused by a Virus which may infect your device, computer equipment, computer programs, data or other proprietary material due to your use of the Central Metastore or in relation to your downloading of any content or data from the Central Metastore, or on or from any third party website linked to the Central Metastore; or
  4. the content of third-party websites which may be linked on the Central Metastore.

12.4 The Central Metastore is provided as is and to the fullest extent permitted by law, we exclude all conditions, warranties, representations or other terms which may apply to the Central Metastore or any data or content on it, whether express or implied.

12.5 Except as set out in clause 12.1, our total aggregate liability for any and all claims arising under or in connection with your use of the Central Metastore regardless of form of action and whether in contract, tort (including negligence and breach of statutory duty) or otherwise is limited to £1.

12.6 You agree to reimburse us for any losses that we incur as a result of your: (i) breach of, or failure to comply with, this EUAA; or (ii) unauthorised use of the Central Metastore.

13. Suspension/termination of use

13.1 We do not guarantee that the Central Metastore will always be available or that your use of the Central Metastore will be uninterrupted. Access to the Central Metastore is permitted on a temporary basis.

13.2. We may suspend, withdraw, discontinue or change all or any parts of the Central Metastore, Data or NHS Content without notice and without compensation to you.

13.3 We may, at any time, suspend or terminate your Login Details and/or use of the Central Metastore (in whole or in part) temporarily or permanently if:

  1. we, or a third party which provides some or all of the services related to the Central Metastore, are making repairs, updates, or conducting maintenance on our tools and systems or those related to the third party companies or services;
  2. we have concerns about the security of the Central Metastore;
  3. we suspect that your Login Details have been compromised or used fraudulently or in an unauthorised way;
  4. we suspect that you may be using the Central Metastore or any data in a fraudulent or unauthorised way or in violation of this EUAA;
  5. there are legal obligations which we must meet;
  6. we are prevented from providing the Central Metastore for any reason beyond our reasonable control;
  7. you have not accessed or used the Central Metastore for a period of 12 months or more; or
  8. for any other reason at our absolute discretion.

13.4 We will endeavour to give you advance notice of any suspension or termination but may not be able to do so in all circumstances. We will not provide notice to you if providing that notice would compromise our security measures or is unlawful.

13.5 You may request the reactivation of your Login Details if we suspended or terminated your access, but we are under no obligation to do so.

13.6 We will not be liable to you if for any reason any part of the Central Metastore is unavailable or inaccessible to you at any time or for any period.

13.7 You can terminate your use of the Central Metastore at any time by emailing ssd.nationalservicedesk@nhs.net and by no longer using your Login Details. It is your responsibility to remove any saved Login Details from your device if you wish to terminate your use of the Central Metastore, or if you change your device or otherwise dispose of it.

14. Viruses

14.1 We do not guarantee or warrant that the Central Metastore will be secure or free from Viruses, that the functions of the Central Metastore will be uninterrupted or error free, that defects will be corrected, or represent the full functionality, accuracy, or reliability of the materials or data.

14.2 You are responsible for configuring your accessing device in order to access the Central Metastore safely. You should use and maintain your own virus protection software.

14.3 You must not misuse the Central Metastore by knowingly introducing Viruses. You must not attempt to gain unauthorised access to the Central Metastore, the server on which the Central Metastore or related data is stored, or any server, computer or database connected to the Central Metastore. You must not attack the Central Metastore via a denial-of-service attack or a distributed denial-of service attack.

14.4 In using the Central Metastore you are giving us, or an agent or representative appointed on our behalf, permission to: (carry out an audit at any time and without notice to you in relation to your use of the Central Metastore;

15. Confidentiality

15.1 You must: (i) keep the NHS England Content confidential, and shall not disclose it to any third party save where expressly permitted to do so in accordance with the terms of this EUAA; and (ii) use the NHS England Content only in so far as is necessary for the Agreed Purpose.

15.2 The restrictions on disclosure and use contained in this clause 15 shall not apply to the NHS England Content to the extent that it:

  1. is or was already in the possession of or becomes available to the you in either case free of any obligation of confidentiality;
  2. is required to be disclosed by you by any applicable law, or Parliamentary obligation, or governmental or regulatory authority having the force of law;
  3. is required to be disclosed to your professional advisers; or
  4. at the time of receipt by you, is in the public domain or after such receipt comes into the public domain other than as a result of breach by you of this clause 15.

15.3 You shall be responsible for any unauthorised disclosure or use of the NHS England Content made by you and shall take all reasonable precautions to prevent such unauthorised disclosure or use.

16. How we may contact you

16.1 By registering to use the Central Metastore and receiving Login Details, you are giving us permission to contact you from time to time by using any of the methods which you have authorised during the registration process. For more details see the Privacy Policy

16.2 You are responsible for keeping us updated if your contact details change. We are not responsible if we are not able to contact you, or if your contact details are out of date.

17. Miscellaneous

17.1 If any part of this EUAA becomes or is held by a court to be invalid, illegal, or unenforceable, this will not affect the validity of the remaining provision which will remain in full force and effect.

17.2 Ceasing to use the Central Metastore does not affect any provisions of this EUAA which are expressly or by implication intended to continue in effect.

17.3 We may transfer our rights and obligations under this EUAA to another organisation at any time and at our discretion. You may not transfer your rights or obligations to anyone else.

17.4 No attempt by you to vary this EUAA will be valid.

17.5 This EUAA, their subject matter and formation (and any non-contractual disputes or claims), and the use of the website, are governed by English law. We both agree to the exclusive jurisdiction of the courts of England in respect of any disputes or causes of action arising under these terms and conditions or the use of the Central Metastore.

18. Contact us

18.1 If you have any queries in respect of your use of the Central Metastore or this EUAA, please contact us by email or post at:

Email: corporatemetadatateam@nhs.net

Include the following in your email subject line: Central Metastore.

Post: NHS England, Wellington House, 133-135 Waterloo Road, London, SE1 8UG, United Kingdom

Include the following reference in your letter: Central Metastore.

Privacy Notice Applicable to use of Central Metastore

Your privacy is important to us. This privacy notice covers what personal information we collect and how we use, disclose, transfer, and store your information if you choose to use the Central Metastore.

1 Who we are

NHS Digital was set up by the Department of Health and Social Care in April 2013 and is an executive non-departmental public body that provides national information, data and IT systems for health and care services. We exist to help patients, clinicians, commissioners, analysts, and researchers. Our goal is to improve health and social care in England by making better use of technology, data, and information.

Find out more about NHS Digital.

The Central Metastore will revolutionise our current ways of working with data by:

  • Holding and maintaining all specifications in one place - it will be the central source of all info.
  • Providing rich information about our data products to data consumers - feeding data catalogue views of data at NHS England + platform-wide business glossary and data dictionary
  • Providing information to determine whether a new data product can be created from existing data to meet new requirements (i.e., without adding to data reporting burdens of the NHS)
  • Promoting the re-use of existing business terms, logical and physical data definitions and data processing rules in new product designs
  • Providing automated support for review and approval workflow(s) for new data collections, data definitions, business terms and data pipelines specifications
  • Providing automated communication of approved designs for implementation in the data platform production environment
  • Using metadata to expose pipelines design to business approvers and to define what happens in the data production platform
  • Synchronising with other metadata sources - e.g., NHS DD, DARS, IAOs, DSDS, IOPS, data platform, etc.

Mentions of "us" and "we" mean NHS England and "you" means anyone using Central Metastore

NHS England is the controller for the personal information we process, unless otherwise stated.

2. What personal information we collect about you

We collect your basic personal details needed to register the account used to access the Central Metastore, including:

  • first name
  • last name
  • email address

We also collect technical information needed for security and to set up and manage your account. This includes:

  • log and audit data
  • identifiers relating to you and your device

3. Why we collect your personal information

We collect personal information from you to:

  • create an account so you can access and use the Central Metastore
  • receive updates and notifications relating to the Central Metastore use.
  • diagnose problems, understand usage by individuals and manage and improve our service.

4. Our legal basis for using your information

The processing of this information is necessary in order for us to perform our official functions and the task has a clear basis in law

5. Who we share your personal information with

We will not share your personal data with other organisations unless required to do so by law.

6. How we protect your personal information

We take appropriate security measures on both a technical and an organisational level, designed to keep your Personal Information secure. Our technical, administrative, and physical procedures are designed to protect Personal Information from loss, theft, misuse and accidental, unlawful, or unauthorised access, disclosure, alteration, use and destruction. The transmission of data via the internet is not completely secure, and we cannot guarantee the security of your information.

You also share responsibility for maintaining the privacy and security of your Personal Information, for example, by not allowing any third party to use your personal account to the Services and avoiding all other non-authorised access to your login and access code. We encourage you to immediately notify us of any unauthorised use of your personal account by sending an e-mail to the team email; corporatemetadatateam@nhs.net

7. How long we store your personal information

We store your personal information for as long as is reasonably necessary and legally justifiable. The length of time we store your information for will depend on legal, regulatory, or technical requirements. In any event, we follow the Records Management Code of Practice for Health and Social Care (2020). The retention periods are explained below.

Category of Information Retention Period
User Accounts You can delete your account anytime. If you delete your account, you must create a new account if you ever want to use the Central Metastore in the future. The personal information within your Central Metastore account is:
  • first name
  • last name
  • email address
Log and audit data Log data is subject to a 30 day retention period before being overwritten on an oldest record first basis. Customers may download logs from their Collibra console if retention periods greater than 30 days are required

This information lets us record:

  • when your account was set up
  • when you use your account
  • details of activities performed when you use your account

8. Where your personal information is stored and processed

We store and process your information that is required to support end-user authentication, authorisation and collaboration in the Central Metastore. We will make sure your information is given the level of protection required by law and NHS policies.

Your data is stored and processed on the suppliers (Collibra) cloud service in London, England

9. Cookie policy

What are cookies?

Cookies are files saved on your phone, tablet, or computer when you visit a website.

They store information about how you use the website, such as the pages you visit.

Cookies are not viruses or computer programs. They are very small so do not take up much space.

How we use Cookies and similar technologies

A “cookie” is a small text file that is placed onto a browser or device to record information related to the use of a device or a website. A “web beacon” is a small object or image that is embedded into a web page, application, or email and is used to track activity. We and third parties automatically collect the following Personal Information via cookies, web beacons and/or similar technologies (collectively “cookies”) in your browser and in emails sent to you:

Information about your use of the Platforms.

Including when and how many times you access our Platforms, pages viewed, and the page you visited before navigating to our Platforms.

Instances of the Collibra platform inherently only use functional cookies necessary for interaction by an end user.

Functional cookies.

We use these cookies to remember user preferences, e.g., language, time zone, and enhanced content, which allows us to personalise your experience with our Services.

For a current, complete list of all cookies on our website, please visit the cookie preferences section of our cookie banner, where you can manage your cookie preferences in accordance with the categories listed above. Further, many web browsers allow you to manage your preferences relating to cookies. You can set your browser to refuse cookies or delete certain cookies.

10. Your rights

Data protection laws provide you with a number of rights which you can exercise by contacting the controller.

These general rights allow you to:

  • know how your personal information will be collected, processed, and stored, and for what purposes
  • request a copy of your personal information by completing a subject access request form
  • change your information if it is wrong or incomplete
  • request we delete your personal data. We may not be able to delete your information if there is a legal reason for us to not delete it
  • request a restriction on the use of your personal information - if it is wrong and would like it to be changed before being used again
  • You can read more about your rights and when they apply on the Information Commissioner's Office's (ICO) website.

11. Contact Us

You can contact us by post, telephone, or email. More details are available on our contact page.

Our postal address is: NHS England, Wellington House, 133-135 Waterloo Road, London, SE1 8UG, United Kingdom

Email: england.dpo@nhs.net

Our Data Protection Officer, whose duties include monitoring internal compliance and advising the organisation on its data protection obligations, can be contacted via england.dpo@nhs.net.

 

12. Complaints

You have the right to complain about how we process your personal information. You can do this by emailing england.dpo@nhs.net or you can go through the Information Commissioner’s Office (ICO). The ICO is the regulator for data protection.

13. Changes to our privacy notice

Our privacy notice may change. The latest version of our privacy notice will be accessible through the Central Metastore. We will inform you through your Central Metastore account if we make any material changes to our privacy notice, cookies policy or terms and conditions. This will allow you to refresh your consent if you wish to continue using the Central Metastore.