Skip to main content

Last updated: 27.02.2026

These Terms and Conditions (“Terms”) govern the use of the Policy Now software-as-a-service policy management system (the “Platform”), provided by Policy Now Ltd, a company incorporated in England and Wales with registered number 16942214 and registered office at Suite 155, 1 Silk House, Park Green, Macclesfield, SK11 7QJ, UK. (“we”, “us”, or “our”).

By accessing or using the Platform, you agree to be bound by these Terms. If you do not agree, you must not use the Platform.

  1. Definitions and Interpretation

In these Terms:

  • “Account” means a registered user account created to access the Platform.
  • “Authorised Users” means individuals authorised by you to use the Platform under your Subscription.
  • “Content” means policies, procedures, documents, data, and other materials uploaded to or generated within the Platform by you.
  • “Controller”, “Processor”, “Personal Data”, “Personal Data Breach”, and “processing” have the meanings given in the UK GDPR.
  • “Healthcare Provider” means an independent healthcare professional or organisation providing health or social care services in the UK.
  • “Subscription” means paid access to the Platform.
  • “Third-Party App” means the external application or marketplace through which subscriptions and payments are processed.
  1. Eligibility and Acceptance

2.1 The Platform is intended solely for independent healthcare providers operating in the United Kingdom.

2.2 By using the Platform, you confirm that:

  • you are acting in a business or professional capacity;
  • you are the Controller of any Personal Data uploaded to the Platform (except where expressly agreed otherwise);
  • you have authority to bind the organisation on whose behalf you use the Platform; and
  • you are legally capable of entering into these Terms.
  1. Scope of Services and Regulatory Position

3.1 The Platform provides tools for the creation, storage, management, review, and distribution of healthcare-related policies and procedures.

3.2 Regulatory Status

The Platform is an administrative software tool. It does not constitute:

  • regulated clinical advice;
  • legal advice;
  • regulated management consultancy; or
  • a regulated activity within the meaning of the Health and Social Care Act 2008.

Use of the Platform does not discharge, reduce, or transfer any statutory or regulatory obligations of the Healthcare Provider.

3.3 The Platform is provided for administrative and compliance-support purposes only. It does not provide regulatory certification, independent auditing, or compliance guarantees.

3.4 Governance Responsibility

You remain solely responsible for:

  • implementation and operational enforcement of policies;
  • staff training and awareness;
  • governance oversight and review cycles;
  • maintaining accurate and up-to-date policies;
  • demonstrating compliance during inspection.

Uploading a policy to the Platform does not constitute implementation or compliance.

3.5 You remain solely responsible for:

  • the accuracy, suitability, and legal compliance of your Content;
  • ensuring you have a lawful basis for processing Personal Data;
  • ensuring uploaded materials comply with applicable law and professional standards.
  1. Subscription and Payments

4.1 Access is provided on a Subscription basis.
4.2 Payments are processed via a Third-Party App. We do not store payment details.
4.3 Subscription fees, renewals, cancellations, and refunds are governed by the Third-Party App terms in addition to these Terms.
4.4 Failure to maintain an active Subscription may result in suspension, termination, or deletion of data in accordance with Section 8 and Schedule A.

  1. Account Registration and Security

5.1 You must provide accurate and up-to-date information.
5.2 You are responsible for maintaining confidentiality of login credentials.
5.3 You must notify us immediately of suspected unauthorised access.
5.4 You must ensure Authorised Users comply with these Terms and applicable data protection law.

  1. Acceptable Use

You agree not to:

  • use the Platform for unlawful, fraudulent, or misleading purposes;
  • upload defamatory, offensive, or infringing material;
  • attempt unauthorised access;
  • interfere with system integrity;
  • upload Personal Data unlawfully;
  • upload special category data unless lawfully processed and necessary;
  • use the Platform as a substitute for statutory reporting systems;
  • represent that the Platform guarantees regulatory compliance.

We may suspend or terminate access for breach.

  1. Intellectual Property

7.1 All intellectual property rights in the Platform belong to us or our licensors.
7.2 We grant you a limited, non-exclusive, non-transferable licence during an active Subscription.
7.3 You retain ownership of your Content.
7.4 You grant us a limited licence to host, process, transmit, and display your Content and Personal Data solely to provide the Platform in accordance with your documented instructions and Schedule A.

  1. Data Protection

8.1 Roles
You are the Controller.
We act as Processor.

8.2 Incorporation of DPA
Schedule A (Data Processing Agreement) forms part of these Terms.
If there is any conflict, Schedule A prevails in relation to Personal Data.

8.3 Documented Instructions
You instruct us to process Personal Data:

  • to provide the Platform;
  • to provide support;
  • to maintain security;
  • to comply with applicable law;
  • as otherwise agreed in writing.

8.4 Security Measures
We implement appropriate technical and organisational measures in accordance with Article 32 UK GDPR.

8.5 Information Governance

We maintain measures including:

  • role-based access controls;
  • logical separation of customer data;
  • encryption in transit;
  • UK-based hosting (unless lawfully safeguarded).

You remain responsible for user configuration, retention settings, and internal confidentiality controls.

8.6 Sub-processors

You provide general written authorisation for sub-processors listed in our Privacy Policy.
We remain responsible for their compliance.

8.7 International Transfers

Transfers outside the UK will occur only where appropriate safeguards are implemented under UK law.

8.8 Regulatory Cooperation

Upon reasonable request, we will provide written confirmation of our processor role and high-level security measures for inspection purposes. We are not required to correspond directly with regulators unless legally compelled.

8.9 Deletion or Return

Upon termination, Personal Data shall be deleted or returned in accordance with Schedule A, unless retention is required by law.

  1. Confidentiality

Each party shall treat confidential information appropriately.
We ensure personnel processing Personal Data are subject to confidentiality obligations.

  1. Availability and Support

We aim for continuous availability but do not guarantee uninterrupted service.
Maintenance may temporarily restrict access.

  1. Suspension and Termination

We may suspend or terminate access for breach, legal requirement, or non-payment.

Upon termination:

  • your licence ends immediately;
  • Personal Data handling is governed by Schedule A;
  • obligations under Section 8 and Schedule A survive.

11.5 Regulatory Preservation

If you notify us that data is required for regulatory investigation or legal proceedings, we will not delete relevant data unless legally required.

  1. Limitation of Liability

12.1 Nothing limits liability for death, personal injury, fraud, or liability that cannot lawfully be excluded.

12.2 We are not liable for indirect or consequential losses.

12.3 Subject to clause 12.1:

(a) Non-data protection claims are capped at the fees paid in the 12 months preceding the claim.
(b) Data protection claims attributable to us are capped at 150% of fees paid in the 12 months preceding the claim.

12.4 Nothing limits liability where prohibited by UK data protection law.

  1. Indemnity

You indemnify us against claims arising from:

  • unlawful Personal Data processing;
  • failure to obtain lawful basis;
  • unlawful instructions;
  • misuse of the Platform.
  1. Changes to the Terms

We may update these Terms.
Material changes affecting data protection will be notified reasonably in advance.

  1. Governing Law and Jurisdiction

These Terms are governed by the laws of England and Wales.
The courts of England and Wales have exclusive jurisdiction.

  1. Regulatory Non-Reliance

The Platform does not independently audit compliance, monitor regulatory adherence, guarantee conformity with regulatory standards, or provide certification.

You remain solely responsible for demonstrating compliance to regulators.

  1. Disclaimer

The Platform provides access to organisational policies and procedures only.
It does not provide clinical advice or replace professional judgement.
Your organisation is responsible for ensuring uploaded content is accurate and current.

  1. Contact Information

Email: admin@policynow.uk
Company: Policy Now Ltd

SCHEDULE A

DATA PROCESSING AGREEMENT (DPA)

Between:

  1. Policy Now Ltd (Processor)
  2. The Customer (Controller)
  1. Purpose and Scope

This DPA applies where the Processor processes Personal Data on behalf of the Controller in providing the Platform.

  1. Processor Obligations

The Processor shall:

  • process Personal Data only on documented instructions;
  • ensure personnel confidentiality;
  • implement appropriate security measures;
  • notify the Controller of a Personal Data Breach without undue delay and, where feasible, within 48 hours;
  • assist with data subject rights requests;
  • delete or return Personal Data at the end of services unless legally required to retain it;
  • impose equivalent data protection obligations on sub-processors;
  • make available information necessary to demonstrate compliance with Article 28 UK GDPR.

Audits shall:

  • occur no more than once annually unless legally required;
  • occur with reasonable notice;
  • not access other customers’ confidential information;
  • not unreasonably disrupt business operations.
  1. International Transfers

Data will primarily be processed within the UK.
Any transfer outside the UK shall rely on appropriate safeguards such as UK adequacy regulations or International Data Transfer Agreements.

  1. Details of Processing
  • Subject Matter: Provision of the Platform
  • Duration: Duration of Subscription
  • Nature/Purpose: Policy management
  • Data Categories: Names, job titles, contact details, credentials, and data within uploaded policies
  • Data Subjects: Platform users and individuals referenced in documentation