1.1 The RDP is the digital platform which Healthcare Improvement Scotland (HIS) delivers as part of its Right Decision Service (RDS).

1.2 The RDS is a national service which supports the Provider to access, use and build validated decision support tools.

1.3 These terms and conditions constitute a legally binding agreement between HIS and the Provider upon which the Provider is agreeing to provide, and HIS is agreeing to receive, Content for the RDP.

1.4 As part of the process for access to the RDP, the Provider, through its Authorised User, (as defined at clause 2) will be asked to confirm it has read and agrees to accept these terms and conditions.

1.5 These terms and conditions may not be waived or modified except with the prior written agreement of HIS.

1.6 HIS may amend these terms and conditions from time to time as the RDP and RDS evolve. HIS agrees to notify the Provider of any amendment to the terms and conditions via the RDP. The Provider agrees that its continued use of the RDP after notification of the amendment(s) to the terms and conditions constitutes the Provider’s acceptance of the revised terms and conditions of Use. The most current version of the terms and conditions shall govern and supersede all previous versions.

1.7 Should the Provider no longer wish to be bound by these terms and conditions, the Provider has the right to terminate in accordance with clause 6.  

Authorised User(s): The individual(s) who, on behalf of the Provider and authorised by both the Provider and by HIS, use the RDP to create and publish Content.

Content: Digital decision support content in whatever format, including text, graphics, images, software, videos, audio files, toolkits and any other media that is created, transmitted, stored, published and/or accessed via the RDP.  Includes content that is publicly available, password protected, kept private or shared using the RDP.

End-User: Any individual (whether a Professional User or not) who uses the RDP (whether via the RDP website or mobile app) to view and/or interact with Content. The term “End-Users” shall be construed accordingly.

Professional User: an individual accessing the RDP in their capacity as a professional involved in supporting health and social care across Scotland.

Provider: The organisation that uses the RDP to create and/or publish it’s Content and agrees to be bound by these terms and conditions.

RDP Standard Operating Procedures: The HIS RDP Standard Operating Procedures applicable to the Provider’s use of the RDP and found at https://rightdecisions.scot.nhs.uk/right-decision-service-standard-operating-procedures/ as may be updated from time to time.

3.1 The Provider (through its Authorised User(s)) will create and publish Content on the RDP as RDP decision support toolkits.  The Provider remains fully responsible for their Content at all times. For the avoidance of doubt, HIS is not responsible or liable for any Content residing on the RDP that has been submitted, posted or displayed by the Provider.

3.2 The Provider acknowledges and agrees that it is fully responsible and accountable for all Authorised User acts and omissions in connection with the RDP, including everything that an Authorised User does, posts, writes and/or publishes on the RDP. 

3.3 The Provider warrants and undertakes to HIS that its governance frameworks and policies are sufficient in scope and applicable to the Authorised User’s activities in connection with the RDP. It is the Provider’s responsibility to ensure that the Provider, and its Authorised User(s), operate within those governance frameworks and policies.

3.4 In order to access the RDP, the Provider and its Authorised User(s) agree to comply with the terms of the RDP Standard Operating Procedures and these terms and conditions.

4.1 The Provider will retain ownership of the intellectual property rights the Provider holds in the Content submitted to the RDP.

4.2 To the fullest extent required by HIS to enable HIS to make Content available to End-Users and to operate the RDP and wider RDS effectively, the Provider hereby grants to HIS a worldwide, non-exclusive, sub-licensable, royalty-free, licence to:

4.2.1 use, store, host, copy (for the purposes of back-up and/or archiving), display, publish, publicly perform, distribute and reproduce Content; and

4.2.2 modify Content for technical purposes (such as, but not limited to making sure Content is viewable on smart phones as well as computers).

4.3 In addition to the rights granted at clause 4.2, the Provider hereby provides the licences and rights required to the Content to ensure that HIS’ processing, maintenance, storage, technical reproduction, back-up, distribution and related handling of Provider’s Content (whether by HIS or by a third party on behalf of HIS) does not infringe applicable copyright and other laws.

4.4 HIS shall not use the Provider’s Content for any commercial, profit making purposes.

4.5 HIS have the right to disclose the Provider’s identity to any third party who is claiming that any of the Provider’s Content (or part thereof) posted or uploaded to the RDP constitutes a violation of the third party’s intellectual property rights or of their right to privacy.

4.6 HIS reserves the right to remove Content alleged to be infringing without prior notice to the Provider and at HIS’ sole discretion, without liability to the Provider. In appropriate circumstances, HIS will also terminate an Authorised User’s account if the Authorised User is determined to be an infringer.

5.1 Subject to the remainder of this clause 5, HIS grants the Provider and its Authorised User(s) access to the RDP tools as may be required for creating, editing and publishing its Content on the RDP.

5.2 To obtain an account, a representative of the Provider needs to request a RDP toolkit from the RDS team using the RDS Standard Operating Procedures and request form provided. If the request is accepted by the RDS team, the team will set up an account for the Authorised User.

5.3 An Authorised User creates an account by providing an acceptable email address, and creating a password. The Provider is responsible for advising the RDS team of any changes to the account information of any Authorised User.

5.4 The Provider is responsible for all activities that occur under the accounts of its Authorised User(s), including activities of others to whom an Authorised User has provided their account information.

5.6 Where an Authorised User is provided with a password or any other piece of information as part of their account, the Provider must ensure that the Authorised User treats such information as confidential. The Authorised User must not disclose it to any third party.

5.7 HIS have the right to disable any Authorised User password, whether chosen by the Authorised User or allocated by HIS, at any time, if in HIS’ reasonable opinion the Authorised User has failed to comply with any of the provisions of these terms and conditions.

5.8 HIS is not liable for any loss or damage sustained by a Provider that arises from any failure by the Provider or its Authorised User to provide HIS with accurate information or to keep account information secure.

5.9 If the Provider, or its Authorised User, discovers any unauthorised use of account information or suspects that anyone may be able to access private Content, they should immediately change the relevant password and notify the RDS team at [insert].

5.10 Once one or more Authorised User accounts are created, HIS grants the Provider limited access to use the RDP subject to these terms and conditions, until terminated in accordance with clause 6 below.

5.11 The Provider and any Authorised User granted access to an RDP account agrees to comply with the RDP guidance and RDP Standard Operating Procedures. These include management of the Content lifecycle, help and support arrangements, user testing and risk management, and compliance with Medical Device Regulations where required. 

5.12 The rights in the RDP software, including all intellectual property rights, are protected by one or more of copyright, trademark, patent, trade secret and other laws, regulations and treaties, in addition to these terms and conditions. The Provider agrees, and shall procure its Authorised User’s agreement, not to modify, create derivative works of, decompile or otherwise attempt to extract source code from any RDP software, unless expressly permitted to do so under an open source licence or where HIS has provided express written permission to do so.

5.13 HIS may, but are not obligated to, monitor, edit or remove any Content for any or no reason at any time. HIS are not responsible, however, for any delay or failure in removing any Content. The Provider hereby agrees that HIS has the right to elect not to accept, post, store, display, publish or transmit any Content, and to remove any Content from the RDP, at its sole discretion. This situation may arise, for example, if the Provider breaches these terms and conditions. This may include failing to comply with the RDP Standard Operating Procedures, such as ensuring that Content is consistent with validated guidance and evidence.

6.1 Termination by Provider

6.1.1 The licenced rights which the Provider has granted to HIS under clause 4 remains active until the Provider chooses to terminate.  Where the Provider chooses to terminate, the Provider needs to notify the RDS team in writing of its decision to revoke the licence. The RDS team will deactivate and delete any Authorised User accounts within twenty (20) working days of receiving the notification of termination. The Provider may un-publish, delete, and copy over their Content until such time as its Authorised User accounts are deactivated.  If any live Content from the Provider remains on the RDP after HIS has terminated the Provider’s Authorised User accounts, HIS will un-publish that Content at the point of terminating the Authorised User accounts, and will delete the Content after a further twenty (20) days.  

6.1.2 The Provider may voluntarily disable any Authorised User account at any time at the Provider’s own discretion.

6.2 Termination by HIS

6.2.1 HIS may suspend or close an Authorised User account, with or without notice or cause, and without any liability to the Provider.

6.2.2 Where HIS has a cause for suspending or closing an Authorised User account, such cause may include, without limitation:

6.2.2.1 breach or violation of these terms and conditions, or breach of any separate agreement by the Provider or its Authorised User(s) relating to the RDS;

6.2.2.2 an extended period of failure to maintain and update Content as set out in the RDP Standard Operating Procedures or to comply with any part of the RDP Standard Operating Procedures;

6.2.2.3 the discontinuance or material modification of the RDP or wider RDS (or any part thereof); or

6.2.2.4 unexpected technical or security issues or problems.

6.2.3 In the event that HIS elects to close an Authorised User’s account on notice, the notice that HIS will provide will usually be at least twenty (20) working days advance notice to the Authorised User and Provider, so that the Provider and Authorised User can retrieve any Content stored on the RDP. After the expiration of this notice period, neither the Provider, nor its Authorised User(s), will be able to retrieve Content contained in that account or otherwise use the RDP through that account.

6.3 Any provision contained herein that expressly or by implication is intended to continue in force on or after termination shall remain in full force and effect.

7.1 Any Content the Provider makes available through the RDP will be considered non-confidential unless the Provider notifies HIS in writing otherwise and identifies the specific content within the Content that is confidential.

7.2 The Provider may choose to protect the confidentiality and availability of certain Content to be shared on the RDP by submitting Content that is protected by technical measures intended to safeguard the confidentiality and accessibility of sensitive information contained within the Content.

7.3 Where the Provider does not have the technical capability to apply security measures to Content, the Provider can make a request, in writing, to the RDS team at HIS for HIS to apply password protection or use other available technical measures to protect certain areas of the Content identified by the Provider.

7.4 Notwithstanding the foregoing, any and all Content made available by the Provider, whether that Content is confidential or not, and whether technical security measures have been applied to the Content by the Provider or by HIS, is made available by the Provider at its own risk.

7.5 Whilst HIS may copy Content for the purposes of its own back-up processes and HIS may apply technical security measures to Content at the request of the Provider, HIS strongly recommends that that Provider also takes its own steps to secure and back up its Content.

7.6 HIS accepts no responsibly or liability for any loss of, disclosure of, or unauthorised access to, confidential Content. However, in the event of any such loss, disclosure, or unauthorised access to confidential Content, HIS shall promptly notify the Provider and take reasonable steps to try to re-secure the Content. The Provider may elect to discontinue using the RDP.

8.1 The only personal data the RDP stores is email (used as username) and display name for Authorised Users.

8.2 HIS will only use personal data as set out in the HIS privacy statement which provides information about how HIS processes any personal data provided by the Provider (including by its Authorised User), in accordance with applicable data protection legislation.

8.3 If a Provider or Authorised User uses the RDP feedback form, the Provider or Authorised User will be asked to provide an email address so that the RDS team can respond to their comments. This email address is not stored in the RDP platform. It is sent to a secure NHS email address within HIS.  A record of the enquirer, comment and response will be stored within the HIS secure Intranet in compliance with local information governance procedures.

8.4 Where the Provider is using RDP functionality to create tools such as forms that process personal data, the Provider must obtain approval from its Information Governance department and create a privacy statement for the relevant toolkit.  This is a requirement within the standard operating procedure for requesting a new RDP toolkit .

9.1 When the Provider or its Authorised User enters the RDP, their computer will automatically be issued with a number of small text files known as “cookies”. These cookies are used to make the RDP run more efficiently, and allow the web server to remember and store preferences as Users travel throughout RDP toolkits.  HIS also uses cookies to track visitor interaction with the RDP.

9.2 The RDP uses third party cookies from Google Inc in order to use Google Analytics to track usage of the RDP. This enables the RDS team to monitor usage of content and identify areas for improvements to the RDP. Google Analytics uses random IDs and do not get any personal data from the RDP.  Google provides more information on privacy and how this applies to Google Analytics.

9.3 The RDP also uses Microsoft ASP.Net cookies to identify when a visit to the RDP has ended and another one begins.  No person-identifiable data is held in these cookies, and they are deleted whenever a Provider or its Authorised User closes their Internet browser.

9.4 Some toolkits delivered by the RDP contain embedded videos from Vimeo and Youtube. Both these video platforms use cookies to gather analytics about usage of their content. No person-identifiable data is held in these cookies.

9.5 By using the RDP, the Provider and each Authorised User consents to the use of cookies and the processing of information in the manner and for the purposes set out above. ​

10.1 The Provider uses the RDP and makes its Content available on the RDP at the Provider’s own risk. HIS accepts no liability in connection thereto.

10.2 The Provider warrants that the Content does not infringe any third party's intellectual property rights, other proprietary rights or rights of publicity or privacy.

10.3 The Provider warrants that it will not use the RDP to submit, publish, post, display, upload, download, send or re-use any copyrighted material unless it is copyright owner, has the copyright owner's permission or is permitted to do so under a licence agreement.

10.4 Where the Provider has made use of RDP functionality that allows the Provider to upload Content to the RDP, the Provider must comply with the Content standards set out in the RDP Standard Operating Procedures and procure that the compliance of its Authorised User’s.

10.5 The Provider accepts that the RDP is provided on an “as is” and “as available” basis. HIS does not warrant that the RDP will meet any or all of the Provider’s requirements; the RDP will be uninterrupted, timely, secure or error-free; nor that any errors in the RDP (or any part thereof) will be corrected.

10.6 Any third party material downloaded or otherwise obtained by the Provider or its Authorised User(s) through use of the RDP or via any Third Party Links, is done so at the Provider’s own discretion and risk. The Provider is solely responsible for any damage caused to the Provider’s or Authorised User(s) computer or other device, or for any loss of data that results from the Provider’s, or Authorised User(s) downloading any such material.  For the avoidance of any doubt, HIS shall not be liable to the Provider or Authorised User for any loss or damage sustained as a result of the Provider’s or Authorised User’s use of any third party material downloaded or otherwise obtained by the Provider or Authorised User through use of the RDP or via any Third Party Links.

10.7 The Provider is solely responsible and liable for the Content submitted by the Provider, or by its Authorised User.  

10.8 The Provider warrants that its Content complies with these terms and conditions and the RDP Standard Operating Procedures.

10.9 The Provider will be fully responsible and liable for any and all losses or damages HIS suffers as a result of the Provider’s breach of any warranty contained within these terms and conditions.

10.10 To the maximum extent permitted by law, HIS expressly disclaims all warranties and conditions of any kind, whether express or implied, including but not limited to the implied warranties and conditions of merchantability, fitness for a particular purpose and non-infringement.

10.11 Provider expressly agrees that HIS shall not be liable in connection with:

1. the Provider’s (or Authorised User’s) use of RDP or inability to use it;
2. any purchases resulting from use of the RDP or inability to use the RDP;
3. any unauthorised access to Content, or the loss, corruption or alteration thereof;
4. any statements or conduct of any third party relating to the RDP or using the RDP;
5. HIS’ actions or omissions as a result of relying on the Authorised Users’ account information and any changes to it;  
6. an Authorised User’s failure to protect confidentiality of passwords or access to their account information;
7. acts or omissions of any third party using or integrating with the RDP;
8. any third party advertising content accessed via the RDP or Third Party Links or Provider’s purchase or use of any advertised product; or
9. any termination of an Authorised User’s account in accordance with these terms and conditions.

10.12 Subject to clause 10.13, HIS shall not be liable for any indirect or consequential losses, such as but not limited to loss of profits, goodwill or data.

10.13. Nothing in these terms and conditions shall exclude either party from liability where it would be unlawful to do so.

11.1 HIS reserve the right to monitor any and all use of the RDP, and investigate any activity HIS suspects violates these terms and conditions, HIS’ rights or interest, or the rights or interests of any person or entity.

11.2 Provider may only use the RDP for health and social care related activities. The Provider shall not, and will ensure that its Authorised Users shall not, use the RDP:

11.2.1 in any way that breaches any applicable local, national or international law or regulation;

11.2.2 in any way that is unlawful or fraudulent, or that advocates, promotes or assists any unlawful act, or that may deceive any person or that breaches any legal duty owed to a third party, such as a contractual duty or a duty of confidence;

11.2.3 in any way that is defamatory of any person, obscene, offensive, hateful or inflammatory in any way, or that promotes sexually explicit material, violence, or discrimination of any kind;

11.2.4 in any way that infringes any copyright, database right, trade mark or other intellectual property right of any other person; 

11.2.5 in any way that is threatening, abusive or invades another's privacy, or is likely to harass, any other person;

11.2.6 to impersonate any person or organisation, or to misrepresent your identity or affiliation with any person or organisation;

11.2.7 to upload, post, email, message, transmit or otherwise make available or initiate any content that includes any unsolicited or unauthorized advertising, promotional materials or any other form of solicitation whether it be for commercial or non-commercial purposes. This prohibition includes but is not limited to using RDP email capabilities to:

11.2.7.1 send messages to people who do not know you or who are unlikely to recognize you as a known contact; or

11.2.7.2 connect to people who do not know you and then sending unsolicited promotional messages to those direct connections without their permission;

11.2.8 to knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware; 

11.2.9 to use any spider- or bot-like system, software or other device or program (whether automated or otherwise) to extract content, data, information or other material from the RDP; or

• to access without authority, interfere with, damage or disrupt

11.2.10.1 any part of the RDP;

11.2.10.2 any equipment or network on which the RDP is hosted; or

11.2.10.3. RDP software or any software used in the provision of the RDP; or

11.2.11 for any advertising, commercial or profit-making purposes.

12.1 HIS retains the right, at its sole discretion, to implement new elements as part of and/or ancillary to the RDP, including changes that may affect the previous mode of operation of the RDP. HIS intends that any such modifications will enhance the overall RDS, but it is possible that the Provider may not agree.

12.2 HIS reserves the right to establish limits to the nature or size of storage available to the Provider, the nature or size of any index or library information, the nature of, or Provider’s continued ability to access or distribute, its Content and other data, and impose other limitations at any time, with or without notice.

12.3 The Provider acknowledges that a variety of actions by the RDS team may impair or prevent the Provider or its Authorised User from accessing its Content or using the RDP at certain times and/or in the same way, for limited periods or permanently. The Provider agrees that HIS has no responsibility or liability as a result of any such actions or results, including, without limitation, for the deletion of, or failure to make available, any Content.  The Provider further agrees that HIS shall not be liable to the Provider for any modification, suspension or discontinuance of any part of the RDP or wider RDS.

12.4 If the Provider finds that any modification to the RDP or service interruption adversely affects the Provider, the Provider may notify the RDS team at his.decisionsupport@nhs.scot, and explain the adverse impact the modification has created. Upon receipt of any such request, the RDS team will endeavour to promptly remedy, if and where possible, the adverse impact caused by the modification, in line with the Standard Operating Procedure for Help and Support.

12.5 HIS may from time to time engage certain affiliates or other third parties to provide technical or other services relating to all or part of the RDP. The Provider hereby agrees that such third party involvement is acceptable.

13.1 The RDP may include or reference third party resources, materials and developers and/or links to third party websites and applications as part of, or in connection with, the RDP (“Third Party Links”).  HIS is not responsible for the content of Third Party Links.  HIS has no control over Third Party Links and has not verified the content of any Third Party Links. Following Third Party Links shall be at the Provider’s own risk and HIS shall not be responsible or liable for any damage, harm or distress caused in connection with Third Party Links.

13.2 Provider acknowledges and agrees that (i) HIS is not responsible for the availability of Third Party Links; (ii) HIS is not responsible or liable for any content or other materials or performance available from Third Party Links and (iii) HIS shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any Third Party Links content.

13.3 Links to downloadable software websites are for convenience only and HIS is not responsible or liable for any difficulties or consequences associated with downloading the software. Use of any downloaded software is governed by the terms of the licence agreement, if any, which accompanies or is provided with the software.

13.4 No endorsement or approval of any third parties or their advice, opinions, information, products or services is expressed or implied by any information on the RDP.

Assignation: HIS may freely assign these terms and conditions without consent.

Waiver: HIS’ failure at any time to require performance by the Provider of any provision of these terms and conditions shall in no way affect HIS’ right to enforce such provision, nor shall the waiver of any breach by the Provider of any provision herein constitute a waiver of any succeeding breach or the provision itself.

Severability: If any provision of these terms and conditions is deemed invalid or unenforceable, then (a) that provision shall be construed to the extent necessary to make it valid and enforceable in such a manner as comes closest to preserving the intentions of such provision, and (b) the remaining provisions shall remain in full force and effect.

Governing Law: The interpretation of these terms and conditions and the resolution of any disputes arising hereunder shall be governed by Scots law, with the competent courts in Scotland having exclusive jurisdiction.