Search NEP Logo

Privacy and Cookie Policy

This is the NEP Shared System Group privacy policy. Please read it carefully as you should only submit information to us through this site if you agree we may use it in accordance with this policy.

This policy was last updated on 24 May 2018.
We appreciate how important your privacy is and recognise that we are being trusted with protecting it, so the purpose of this privacy notice is to give you a clear explanation about how we collect and use your personal data.
This privacy policy only applies to our websites; if you follow a link out of our site or leave our site in some other way, this privacy policy will no longer apply.
This website is provided by NEP Shared System Group, a NHS consortium hosted by Northumbria Healthcare NHS Trust that provides finance & procurement solutions to NHS organisations.
For all of our services, the data controller, i.e.the company that is responsible for personal data, is Northumbria Healthcare NHS Foundation Trust.
Northumbria Healthcare NHS Foundation Trust has a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy  If you have any questions about this privacy policy, including any requests to exercise your legal rights, you can contact our DPO using the contact details set out below.
Personal data, or personal information, means any information about an indivudual form which that person can be identified. It does not include data where the identify has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you as follows: 
  • Name and contact details - this can include your name, title, email address, organisation type and job title.
  • Information about your device and how you use our website and apps - this includes information you give us when you browse our website or apps, including your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as how you use our website and apps.
We collect personal data from and about you when you complete an on-line form. In general, we will collect the information we need to provide you with the service to which the form relates.
Where we ask for more information to help us improve our services, over and above the basic required information, your response is voluntary and you are free not to provide us with more information if you would prefer not to do so.
We also use cookies to understand your browsing behaviour on our website to enable us to improve your experience on this and future visits.
Cookies are small text files that are stored on your computer’s hard drive by websites you visit to enable the site to ’remember’ who you are. In general, cookies are only visible to the site that serves them, not to other websites. ‘Serves’ means places on your computer’s hard drive.
The Cookies we use
We use the cookies on this website to help you navigate our website efficiently, perform certain functions and to collect site statistics.  These cookies do not store any personal information that would, on its own, allow us to identify individual users of this service without your permission.
NEP Shared System Group use a number of suppliers (3rd Party) who also set cookies this website on our behalf in order to deliver the services that they are providing. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see the information in the tables provided below.
Please be aware that restricting cookies may impact on the functionality of the NEP Shared System Group website and could mean that key features do not work properly. We strongly recommend allowing cookies from this website so that we can provide you with a full service.
To help you make an informed decision, we have categorised the cookies used on this site into two categories;
1. Necessary cookies – these cookies are fundamental to ensure the site works correctly.
2. Optional cookies – These cookies could help us track how you use the website so that we can improve the information and experience provided to you. They may also provide additional features by 3rd party providers to allow you to socially share content or comment on this website.
The cookies used on this site are explained in the tables below.

Necessary cookies




Description / Purpose

NEP Shared System Group


End of session

This session cookie is used to store anonymous details about the pages visited by you on this website and is required to provide this functionality to you. If you do not allow this cookie this website will not work correctly.

NEP Shared System Group



This cookie that tells us that you have accepted cookies from this site and allows us to stop showing you the same message each time you visit the site.


Optional cookies


Description / Purpose

Google Analytics

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this Plug-in to allow us to provide a better user experience to you and only use it on the basis that Google adheres to its own Privacy Policy.


The Google Privacy policy

How to control and delete cookies

NEP Shared System Group will not use cookies to collect personally identifiable information about you unless you willing provide it. However, if you wish to restrict or block the cookies which are set by this website, or indeed any other website, you can do this through your browser settings. The Help function within your browser should tell you how.

Alternatively, you may wish to visit which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about cookies.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
We do not use ’spyware’, that is web bugs or hidden identifiers or other similar devices to gain access to information, store hidden information or to trace your activities.
Traffic data
We keep a record of traffic data which is logged automatically by the server. This includes your IP address, the website address you visited before ours, the website address you visit after leaving our site and which pages you visit on our site. We do not store or analyse this traffic data in a way that identifies any individual. We also use Google Analytics for site statistics – see 'Cookies’ above for details of how this works.
We will only use your personal data when the law allows us to. We use your personal data to provide you with relevant information about services that you have requested from us.
We will not use you personal data to send any direct marketing material to you.
We may share your personal data with the following third parties in certain circumstances as an essential part of being able to provide our products and services to you, as set out in this notice:
  • Suppliers/Partner who process information on our behalf, such as our IT Managed Service Providers.
  • Law enforcement or regulatory bodies if required to do so by them.
  • A third party in the context of actual or threatened legal proceedings or if otherwise required to do so by law.
Your personal data will not be disclosed to or shared with any other third party except as specified above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We’re committed to keeping your personal data secure and have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data protection legislation is harmonised throughout the European Economic Area (EEA), which comprises the EU member states, Norway, Iceland and Liechtenstein. Countries outside the EEA do not generally have the same level of protection for personal information as those within the EEA.
Because of the way the Internet works, it is possible that the information you provide to us could be routed via countries outside the EEA. However this is not considered a ‘transfer’ under data protection legislation and unless you are from outside the EEA, we will not transfer any information we collect from you outside the EEA without your permission or as permitted by law.
Further information about data protection issues including the online Register of Data Controllers can be found at
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. 
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances, you can ask us to delete your data: see the section detailing your legal rights below for further information.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We may amend our privacy policy from time to time to reflect changes to our business, website or to data protection law or legislation. You can see when this privacy policy was last updated by checking the “last updated” date displayed at the top of this privacy policy.
When we update our privacy policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. 
If you wish to exercise any of the rights set out above or if you have any questions or a complaint, please contact by writing to the Information Governance Department or the designated Data Protection Officer using the below contact information. 
Information Governance Team
Northumbria House
7 -8 Silver fox way
Cobalt Business Park
North Shields
Tyne and Wear
NE27 0QJ
Data Protection Officer
Tracey Best
Northumbria House
7 -8 Silver fox way
Cobalt Business Park
North Shields
Tyne and Wear
NE27 0QJ
"Data Protection Laws" means the General Data Protection Regulation ((EU) 2016/679 and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK. Further information about data protection issues including the online Register of Data Controllers can be found on the Information Commissioner’s website.
"IP address"  is the term for an Internet Protocol address which is a numerical code that each device connected to the Internet has in order to identify that device. The code contains an element that supports location identification (to varying levels of accuracy).
"Personal information" means any information (including sensitive information) that we have obtained from you in connection with a service or product provided to you that is held now or at any time in the future by us.

Find out how NEP can help your trust

Get In Touch