For the purposes of the Data Protection Act 2018 (the “Act”) the Controller is NHS England which hosts NECS. You will find us listed in the register on the Information Commissioner’s website, simply search for NHS England. The registered address for NECS is John Snow House Durham DH1 3YG as a Processor.
NECS also acts as a Processor for our customers, who are also legally required to publish their own Privacy Notices. Where NECS is the Processor for organisations that are also a Controller, you will see us named in their Privacy Notice for the services we provide.
The Data Protection Act 2018 and General Data Protection Regulation (GDPR) gives people better control over what businesses and organisations can do with their data. It also makes data protection laws identical across all EU countries, including the UK now and after Brexit, making things clearer and simpler for everyone. It applies to “controllers” and “processors” of data, which covers every organisation that handles people’s personal data at some point, whether it’s the data of customers, suppliers, the public or staff. It’s therefore important that we as an organisation are compliant, and that all staff understand the implications of the new legislation.
Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.
The National Fraud Initiative
NHS England is required to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.
We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.
For more information on this please visit the following page: https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/public-and-partners/the-national-fraud-initiative/
The information we collect
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site at www.nelcsu.nhs.uk (our “Website”). This includes information provided when completing our enquiry form or submitting feedback on a consultation. This may include your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- NECS CSU may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
More information on the services that collect data to provide our services is available on our solutions pages.
How we protect your information
All information you provide to us is stored on our secure servers. We will be installing an SSL certificate to encrypt data transmissions through our site within the next few weeks.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.
There are facilities within this web site which allow you to type in information and send it to NECS CSU. You should be aware that such transmissions are currently not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore you may wish to avoid including information which you consider to be private. Any information you supply to NECS CSU via this web site will be handled in accordance with our policies and procedures for data protection.
We also keep your information confidential. The internal procedures of NECS CSU cover the storage, access and disclosure of your information.
How we use your information
We use information held about you in the following ways:
- To provide you with information, services that you request from us
- To carry out our obligations arising from any contracts entered into between you and us.
We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these by email, SMS, post or telephone.
If you do not want us to use your data in this way, please contact us.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.
Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
Owing to the global nature of the Internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area that do not have similar protections in place regarding your data and its use as set out in this policy. However, we have taken the steps outlined above to try to improve the security of your information. By submitting your information you consent to these transfers.
As part of the Data Protection legislation, it is necessary for us to have a Data Protection Officer (DPO). NEL is a hosted organisation, we fulfil our requirement for a Data Protection Officer (DPO) through NHS England’s DPO, their Corporate Head of Information Governance. Also, all CSUs have a Deputy DPO, and the NEL DPO is the Head of Information Governance.