Privacy policy and cookies

Who are we?

NHS Providers is the membership organisation for NHS foundation trusts and trusts. We are a charitable organisation whose aim is to support trusts to lead and improve the running of their organisation.

This policy applies if you are a member or associate member of NHS Providers, a stakeholder, commercial organisation or use any of our services, visit our website, email, call or write to us.

NHS Providers takes your privacy seriously and we are committed to protecting and respecting your privacy. This policy sets out how we collect and process data that you provide to us. Any personal data that you give us will be treated with the utmost care and security. It will not be used in ways to which you have not consented.

We process personal data for certain legitimate business purposes, which include some of the following:

Privacy notice for members

Privacy notice for non-members

Privacy policy for job applicants

Privacy notice for members

We use the personal data you provide as a member to service your membership. This includes sending renewal information to annual members by mail and email, sending NHS Providers newsletters and information about our reports, surveys and briefings. It is also used to verify you when you sign up to manage your membership online.

What information is collected?

We collect personal data in connection with specific activities such as registration or membership, placing an order and conducting research.

Website

We collect certain data or information when you use www.nhsproviders.org including:

Links to other websites

Our website may contain links to and from other websites who will have their own privacy policies. Please note that we do not accept responsibility or liability for these policies. You should check their policies before you submit any personal data to these websites. This privacy policy applies solely to the personal data collected by NHS Providers.

Storage of data

We take appropriate technical and organisational measures to ensure that we keep your information secure, accurate and up to date. For example our internal spreadsheets are always encrypted and our network is protected and routinely monitored. 

NHS Providers are based in the UK and we store our data within the European Union (EU) using a virtual desktop system, VESK and through our CRM system, Microsoft Dynamics. Data from event registrations is stored by Eventsforce.

Some organisations which provide services to us may transfer data outside the European Economic Area but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the US. However we only allow this when we certain it will be adequately protected. (e.g. US Privacy Shield or Standard EU contractual clauses).

Cookies

We use cookies to collect user data. This data allow us to assess the popularity of certain areas of the website and raise the level of service performance which we provide for you. We use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information; their privacy policy is available here.

We may use both session cookies and persistent cookies on the website. We will use the session cookies to keep track of you while you navigate the website. We will use the persistent cookies to enable our website to recognise you when you visit.

Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.

If you want to block cookies, you can use a universal cookie blocker such as the Google Analytics opt-out

Email marketing

If a member has agreed to hear from us, we will periodically use their preferred contact address (usually email) to send updated information, invitations to NHS Providers events, networks, services and policy briefings. 

Occasionally we may also to send information to all members or affiliate members, on topics that are an essential part of the membership experience, such as notice of the annual conference and exhibition, or an invitation to take part in our surveys or our policy work.

You have a right at any time to stop us from contacting you for marketing purposes, by writing to communications@nhsproviders.org. You can also change your email preferences by logging in to your account on the website or by using the unsubscribe link at the bottom of our messages.

We use Dotdigital to deliver our eMarketing. We gather statistics around email open rates and click through rates using industry standard technologies including clear gifs to help us monitor and improve. For more information, please see Dotdigital's privacy policy.

Direct marketing by post and telephone

Upon registration you are given the option to opt in to receive marketing communications by post or telephone. Where you do opt in to such communications, NHS Providers may send you information about our policy work, forthcoming events or products and services we offer. If you would like to change your marketing preferences you can email us, write to us or log in to your account on the website at any time.

Events

We use Eventsforce to enable you to book your places for conferences and events and collect information on your attendance. This data includes your contact details, your organisation name, invoice address, access and dietary requirements, the events you have visited and the date that you attended. NHS Providers will undertake customer analysis on this data to allow us to understand visiting trends. For details on their privacy policy please visit their website.

Survey tool

We may ask you to fill out surveys about our conferences or policy work in or to provide an evidence base and improve our products and services, although you do not have to respond to them. We use a third party service, Smart Survey, to send out surveys. For more information, please see Smart Survey’s privacy statement on their website.

Website search

Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either NHS Providers or any third party.

Website

Our aim is to understand what you want from the website and to improve our services to you. All those wishing to become registered users are asked to submit their email addresses, first name, last name, title, and job title.

Submission of your email address enables us to contact you at any time. This will be used to set up targeted newsletter services and other email-based services to enhance your experience and set communication preferences based on what you want to hear from us.

Disclosure to third parties

We do not pass, sell, trade or rent personal details entered on this website or the community to others.

You agree that you do not and will not consider anything in this privacy policy being a breach of any of your rights under the Telecommunications (Data Protection and Privacy) Regulations 1999. 

We reserve the right to access and disclose individually identifiable information to comply with applicable laws and lawful government requests, to operate our systems properly or to protect ourselves or our users. We also reserve the right to disclose individually identifiable information to third parties where a complaint arises concerning your use of the website and that use is deemed by us inconsistent with these terms and/or the additional terms.

We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. You can update your preferences by emailing us, writing to us or by logging into the website at any time.

Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

Access to information

You have the right to access the information we hold about you by making a subject access request under the Data Protection Act 2018. To request this information, please write to us at 157-197 Buckingham Palace Road, London, SW1W 9SP

If you believe that any information we are holding on you is incorrect or incomplete, please write to at the above address or email the team and we'll update it.

Changes to our privacy policy

This policy was updated in January 2023. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

Contact us

We welcome your questions and comments about privacy issues and how we are using your personal data.

If you would like to get in touch you can email the team or write to us at 157-197 Buckingham Palace Road, London, SW1W 9SP.

Data protection officer

The nominated data controller is Peter Gill, Project Director IT and Digital at NHS Providers, 157-197 Buckingham Palace Road, London, SW1W 9SP.

Privacy notice for non-members

What information is collected?

We collect personal data in connection with specific activities such as signing up to newsletters, registration of events, associate membership sign up, placing an order and conducting research.

This personal data includes your email address, name, job title, organisation address, land and mobile phone numbers and other contact details.

How we use your personal data

We process your personal data to be able to:

Who we share your personal data with

We sometimes need to share the personal information we process with the individuals themselves and also with other organisations such as suppliers and service providers. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regulation (GDPR) as it applies.

How we contact you

If a stakeholder or commercial organisation has agreed to hear from us, we will periodically use their email address, mailing address or telephone number to send updated information, invitations to NHS Providers events, products and services.

Keeping your information

We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.

Storage of data

We take appropriate technical and organisational measures to ensure that we keep your personal information secure, accurate and up to date. For example our internal spreadsheets are always encrypted and our network is protected and routinely monitored. 

NHS Providers are based in the UK and we store our data within the European Union (EU) using a virtual desktop system, VESK and through our CRM system, Microsoft Dynamics. Data from event registrations is stored by Eventsforce.

Some organisations which provide services to us may transfer data outside the European Economic Area but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the US. However, we only allow this when we certain it will be adequately protected (e.g. US Privacy Shield or Standard EU contractual clauses). 

Changes to our privacy policy

This policy was updated in January 2023. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Access to information

You have the right to access the information we hold about you by making a subject access request under the Data Protection Act 2018. A small fee of £10 may be payable. To request this information please write to us at 157-197 Buckingham Palace Road, London, SW1W 9SP.

If you believe that any information we are holding on you is incorrect or incomplete, please write to at the above address or email the team and we will promptly update it.

Contact us

We welcome your questions and comments about privacy issues and how we are using your personal data.

If you would like to get in touch you can email the team or write to us at 157-197 Buckingham Palace Road, London, SW1W 9SP.

Data protection officer

For the purpose of the Data Protection Act 2018 the nominated data controller is Peter Gill, Project Director IT and Digital at NHS Providers, 157-197 Buckingham Palace Road, London, SW1W 9SP.

Privacy policy for job applicants

NHS Providers is the data controller for the personal information you submit to us as part of an application for employment. If you have any queries about the process or how we will manage your information, you can contact us via recruitment@nhsproviders.org.

What do we do with the information you provide to us?

All the information you provide during the application process will be used only for the purpose of progressing your application, or to fulfil legal or regulatory requirements as necessary. We will not share the information you provide during the recruitment process with any third parties or store your information outside the European Economic Area. Your information will be held securely by us whether it is in an electronic or physical format.

The contact details you provide to us will not be used for any purpose other than to progress your application. All other information provided will be used to assess your suitability for the role for which you have applied.

What information do we ask you to provide?

We do not ask for more information then we need to process your application and will not retain it for longer than is necessary for that purpose. You do not have to provide the information we request but it might affect your application if you do not give it.

Application stage

Applications for employment at NHS Providers are made directly to this organisation and are not collected by any third parties.

We ask you for your personal details including name and contact details (specifically your email address and a contact telephone number). We also ask for your previous experience, education and for other information which demonstrates your suitability for the role in question. Only our HR team have access to all of this information.

Shortlisting

The hiring manager/s shortlist applications for interview but they are not provided with the name or contact details of applicants. 

Details of applicants who are not shortlisted for interview will be deleted three months after the end of the recruitment process.

Interviews

Applicants invited for interview may be asked to perform a written test. Notes may also be taken during the interview. This information is held only by NHS Providers.

If you are unsuccessful in your application following interview, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you agree, we may contact you should any suitable vacancies arise. Otherwise, your information will be deleted within three months of the end of the recruitment process.

Conditional offer

If we make an offer of employment we will ask you for additional information in order to carry out pre-employment checks. Specifically, you'll be required to provide:

Final offer

When the above information has been checked and the offer of employment is confirmed we will ask you for:

Post-start date

On the first day of employment, new members of staff are auto-enrolled into the organisation’s pension scheme and personal information is therefore transferred to our pension provider: Scottish Widows. This information will be your name, date of birth, National Insurance number and salary. You're entitled to opt out of this pension scheme.

The information you provide during the application and offer stage will be retained by us as part of your employee file for the duration of your employment plus six years following the end of your employment.

How long do we keep your information?

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for three months from the end of the recruitment campaign unless you have specifically agreed that your information can be kept in our talent pool for six months in order that we may approach you with details of other vacancies.

If your application is successful, the information you provide during the application and offer process will be retained by us for the duration of your employment plus 6 years following the end of your employment.