Terms & Conditions Privacy Policy Cookie Policy

Privacy Policy

Last updated: 6 February 2026 · Version 1.0

1. Introduction

Daedalus Healthcare Technology Ltd ("we", "us", "our") is committed to protecting the privacy and security of personal data processed through the ListLogic Theatre Analytics platform ("the Platform"). This Privacy Policy explains how we collect, use, store, and protect your information.

We act as a data processor on behalf of your Organisation (the data controller) for Organisation Data, and as a data controller for account and usage data necessary to provide the Platform.

2. Data Controller and Processor

Data Type Controller Processor
Theatre session and case data Your Organisation Daedalus Healthcare Technology Ltd
User account data Daedalus Healthcare Technology Ltd
Platform usage analytics Daedalus Healthcare Technology Ltd

3. Information We Collect

3.1 Account Information

When your Organisation creates your account, we collect:

  • Full name and title
  • Email address
  • Job role
  • Organisation affiliation
  • Authentication credentials (securely hashed — we never store passwords in plain text)

3.2 Organisation Data

Your Organisation may upload or input data including theatre session records, surgical case data, staff rotas, and planning information. This data is processed solely to provide Platform functionality and is owned by your Organisation.

3.3 Usage Data

We automatically collect:

  • Login timestamps and session duration
  • Pages and features accessed
  • Browser type and device information
  • IP address

3.4 Cookies

We use essential cookies to operate the Platform. For full details, see our Cookie Policy.

4. How We Use Your Information

We use personal data for the following purposes:

Purpose Legal Basis (UK GDPR)
Providing and maintaining the Platform Performance of contract
User authentication and access control Performance of contract
Security monitoring and audit logging Legitimate interest
Platform improvement and analytics Legitimate interest
Responding to support requests Performance of contract
Compliance with legal obligations Legal obligation

5. Data Sharing

We do not sell personal data. We may share data with:

  • Your Organisation — account and usage information as the data controller
  • Infrastructure providers — hosting and cloud services providers who process data on our behalf under appropriate contracts
  • Legal authorities — where required by law or to protect our legal rights

All third-party processors are bound by data processing agreements that ensure equivalent levels of data protection.

6. Data Security

We implement appropriate technical and organisational measures including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Secure password hashing (bcrypt)
  • Two-factor authentication support
  • Role-based access controls
  • Regular security assessments and penetration testing
  • Audit logging of data access and modifications
  • Data hosted within the United Kingdom

7. Data Retention

Organisation Data is retained for the duration of the Organisation's licence agreement. Upon termination, data will be securely deleted within 90 days unless a longer retention period is required by law or agreed in writing.

User account data is retained for the period of your active account, plus 12 months following account deactivation for audit purposes.

8. International Transfers

We store and process data within the United Kingdom. If any transfer outside the UK is required, we ensure appropriate safeguards are in place in accordance with UK GDPR, such as standard contractual clauses or adequacy decisions.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data in certain circumstances
  • Restriction — request limitation of processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest

For Organisation Data, please direct requests to your Organisation as the data controller. For account data, contact us directly.

10. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated via the Platform. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact and Complaints

For privacy-related enquiries or to exercise your rights:

Data Protection Officer
Daedalus Healthcare Technology Ltd
Email: dpo@listlogic.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

← Back to Sign In
Terms & Conditions · Privacy Policy · Cookie Policy