Privacy Policy

Privacy Policy

For the purposes of the Data Protection Act 2018 (the “Act”) the Controller is NHS England which hosts NECS. You will find us listed in the register on the Information Commissioner’s website, simply search for NHS England. The registered address for NECS is John Snow House Durham DH1 3YG as a Processor.

NECS also acts as a Processor for our customers, who are also legally required to publish their own Privacy Notices. Where NECS is the Processor for organisations that are also a Controller, you will see us named in their Privacy Notice for the services we provide.

The Data Protection Act 2018 and General Data Protection Regulation (GDPR) gives people better control over what businesses and organisations can do with their data. It also makes data protection laws identical across all EU countries, including the UK now and after Brexit, making things clearer and simpler for everyone. It applies to “controllers” and “processors” of data, which covers every organisation that handles people’s personal data at some point, whether it’s the data of customers, suppliers, the public or staff. It’s therefore important that we as an organisation are compliant, and that all staff understand the implications of the new legislation.

Summary of our Privacy Policy

Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

The National Fraud Initiative

NHS England is required to protect the public funds it administers. It may share information provided to it with other bodies responsible for; auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.

For more information on this please visit the following page: https://www.england.nhs.uk/contact-us/privacy-notice/how-we-use-your-information/public-and-partners/the-national-fraud-initiative/

The information we collect

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our site at www.nelcsu.nhs.uk (our “Website”). This includes information provided when completing our enquiry form or submitting feedback on a consultation. This may include your name, your organisation’s name, your position, email address, business address and contact telephone number. We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • NECS CSU may ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of your visits to our site including (but not limited to) web server statistics, traffic data, location data and details of the web pages and resources that you access. We may collect information about the device you use to view the site, its operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify you individually. You can read details of our statistical cookies and how you can manage them/opt out of them in our Cookie Policy.

More information on the services that collect data to provide our services is available on our solutions pages.

NECS is a hosted organisation and as such we adhere to the Privacy Policy of NHS England.

How we protect your information

All information you provide to us is stored on our secure servers. We will be installing an SSL certificate to encrypt data transmissions through our site within the next few weeks.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.

There are facilities within this web site which allow you to type in information and send it to NECS CSU. You should be aware that such transmissions are currently not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore you may wish to avoid including information which you consider to be private. Any information you supply to NECS CSU via this web site will be handled in accordance with our policies and procedures for data protection.

We also keep your information confidential. The internal procedures of NECS CSU cover the storage, access and disclosure of your information.

How we use your information

We use information held about you in the following ways:

  • To provide you with information, services that you request from us
  • To carry out our obligations arising from any contracts entered into between you and us.

We may also use your data to provide you with information about goods and services which may be of interest to you and we may contact you about these by email, SMS, post or telephone.

If you do not want us to use your data in this way, please contact us.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.

Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Your consent

By submitting your information you consent to the use of that information as set out in this policy. If we change our privacy policy we will post the changes on this page, and may place notices on other pages of the Website, so that you may be aware of the information we collect and how we use it at all times. We will also e-mail you should we make any changes so that you may consent to our use of your information in that way. Continued use of the service will signify that you agree to any such changes.

Owing to the global nature of the Internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area that do not have similar protections in place regarding your data and its use as set out in this policy. However, we have taken the steps outlined above to try to improve the security of your information. By submitting your information you consent to these transfers.

Contact Details

As part of the Data Protection legislation, it is necessary for us to have a Data Protection Officer (DPO). NEL is a hosted organisation, we fulfil our requirement for a Data Protection Officer (DPO) through NHS England’s DPO, their Corporate Head of Information Governance. Also, all CSUs have a Deputy DPO, and the NEL DPO is the Head of Information Governance.

We welcome your views about our website and our privacy policy. If you have any queries or comments, or if any of the information that you have provided to the NECS CSU, please contact us.