Cookie & Privacy Policy

This website is provided by NEP, an NHS consortium hosted by Northumbria Healthcare NHS Trust that provides finance & procurement solutions to NHS organisations.

The Data Controller and the Data Protection Officer for NEP are its host organisation, Northumbria Healthcare NHS Foundation Trust.

How we use your information

This privacy notice tells you what to expect when Northumbria Healthcare NHS Foundation Trust or any of its subsidiaries (including NEP) collects personal information. It applies to information we collect about:

  • Visitors to our websites
  • Staff members and prospective employees (including volunteers)
  • Individuals engaging with any of our services, including but not limited to:
    • Complaints
    • Individuals who subscribe to our newsletter or request a publication from us (e.g. Foundation Member)
    • Individuals exercising rights under the Freedom of Information Act

There may be occasion when we need to share your information with other organisations in order to carry out our public functions, in such circumstances we make every effort to establish a written form of agreement/ contract in such cases to ensure that all information is kept secure and is not disclosed to any unauthorised individuals.

Visitors to our websites

While visiting our website there may be instances where we collect personally identifiable information. We will make this clear when we collect personal information and will explain what we intend to do with it at the point that it is submitted. The information we collect will only include details you input yourself, in the event that you wish to contact us for further information.


This site has security measures in place to protect the loss and alteration of information under our control.

People who contact us via social media

If you send us a private or direct message via social media the message will be accessible by the communications team.  It will not be shared with any other organisation unless there is a legal requirement to. Feedback received via social media may be used internally in reports, all personal identifiable information is however removed.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Visitors to our sites

Visitors: During visits to our site, visitors may be asked to sign in on a register.  The information provided in relation to this may include your name & purpose of your visit. This is so that Northumbria Healthcare is aware of who is visiting the site at all times for audit purposes. This information would also be vital in the event that any premises need to be evacuated e.g. in the event of a fire.  The information in these registers is only retained for as long as necessary before being securely destroyed.


As a supplier/ prospective supplier to the trust we collect the following information:

  • Name;
  • Company details & contact information (address, email, telephone number etc.);
  • If you are a sole trader, your unique tax reference (UTR) number;

Your information is collected under a contractual legal basis under the Data Protection Act 2018/ General Data Protection Regulations and may be used for the following purposes:

  • Contacting you in relation to a procurement exercise;
  • Contacting you in respect of establishing or managing a contract;
  • If applicable your UTR number will be used to confirm that you are registered with HMRC for self-assessment tax purposes.

Information is only held for as long as is necessary for the purposes it has been collected for and in line with the appropriate retention periods stipulated by the records management code of practice for health and social care 2016.

Links to other websites

This privacy notice does not cover any links within this website that direct individuals to external websites that are not part of the Northumbria Group. We encourage you to read the privacy statements on the external websites you visit.


When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • Enabling a service to recognise your device so you don’t have to give the same information several times during one task
  • Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.

You can manage these small files yourself and learn more about them at Directgov.

Cookie Name Description
civicAllowCookiescivicShowCookieIconCookie Control: When you click “I’m happy with this…” on the Cookie Control user interface, a cookie is set in order to remember your preference.
These cookies are set only after the user has given consent to us to use cookies.
Google Analytics: We use Google Analytics to monitor traffic levels, search queries and visits to this website. Google Analytics stores IP address anonymously on its servers in the US, and neither Northumbria NHS Trust nor Google associate your IP address with any personally identifiable information.
These cookies enable Google to determine whether you are a return visitor to the site, and to track the pages that you visit during your session.
These cookies are set only after the user has given consent to us to use cookies.

Your rights

Under Data Protection Laws (General Data Protection Regulations) you are able to find out what information is held about you, on computer and in certain manual records. This is known as “right of subject access”.

If you want to see or receive a copy of your information, a copy of the application form can be found here, you can also contact please contact us on the details provided below. In certain circumstances access to your information/records may be limited, if such an instance occurred, we would provide reasons for this.
Under Data Protection Laws (General Data protection Regulations), you may also have additional rights in relation to your information. For example:

  • You also have the right to request any decisions taken by automated decision making with regards to your information;
  • You may have the right to erasure of your personal information held by us, in certain circumstances.

You have the right to withdraw consent at any time, where consent has been given.

Changes to our policy

If our privacy policy changes in any way, we will place an updated version on this page. Regularly reviewing the page ensures you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.

Further information

If you would like to know more about how we use your information or if, for any reason you do not wish to have your information used in any of the ways described above, please contact us using the information below. Further guidance about data protection can be obtained at You also have the right to lodge a complaint with the Information Commissioners Office.

Contact information

Information Governance team

Information Governance
Digital Services
3rd Floor
Cobalt Business Exchange and Conference Centre
Cobalt Park Way
Newcastle upon Tyne
NE28 9NZ

0191 607 3601 or

Data Protection Officer

Tracey Best
Digital Services
3rd Floor
Cobalt Business Exchange and Conference Centre
Cobalt Park Way
Newcastle upon Tyne
NE28 9NZ