Nepacs Privacy Policy

Nepacs is committed to protecting the privacy and security of your personal information.

This privacy policy describes how we collect and use personal information about you in accordance with the UK General Data Protection Regulation (UK GDPR).

It contains important information on how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Nepacs collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the UK GDPR which applies throughout the United Kingdom and we are responsible as 'controller' of that personal information for the purposes of those laws.

1.1 What information do we collect?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

On our websites we collect and use personal information (including name, address, telephone number and email) in order to:

  • Respond to queries or requests submitted by you
  • Process orders or applications submitted by you
  • Administer or otherwise carry out our obligations in relation to any agreement you have with us - anticipate and resolve problems with any services supplied to you

1.2 Sensitive personal data

If you apply for employment or volunteer roles, we may ask you to provide sensitive information.  If we request this type of data, we will explain why we are requesting it and how we intend to use it.

Sensitive personal data can include information about your race, ethnic origin, criminal convictions and offences, sexual orientation or religious beliefs.

We will only process your sensitive personal data if you have given your explicit permission.

1.3 Information collected from other sources

We also collect cookies on our site for performance related tasks. You can read about cookies here:

We collect information to analyse the performance of our websites and how different parts of our website are used. We use Google Analytics to do this.

Google Analytics stores information about how users get to our sites and from which device types, how content is being used whilst on the site and how long users spend on our site.

Google Analytics also provides information on interests and demographics of our visitors.

The information is collected using a tag placed on our websites and does not relate to any personally identifiable information being collected.

You can read Googles Data Processing Amendment online here: Data Processing

You can read Googles Data retention policy online here: Data Retention

Nepacs has set our analytics not to expire i.e. the information will be retained in order to allow us to analyse trends in our website usage over time.

1.4 How can I opt-out of this data collection?

If you want to opt out of Google Analytics collection you can install a browser add on from this link: Opt-Out

If you wish to opt out of data collection for demographic and interest date you can do this using Google Ad Settings here: Opt-Out

1.5 Who we share your personal information with

We will share personal information within Nepacs as appropriate in order to respond to your queries or requests.

We will not share your personal information with any other third party and we will only provide your personal information which we consider is necessary for the performance of that reason. We will only share your data outside of Nepacs with your consent or where we are obliged to do so for legal reasons.

1.6 Links to Third Party Sites

The Nepacs website contains links to third-party websites or resources as a convenience for the user. These linked sites are not under the control of Nepacs, and Nepacs cannot be held responsible for the privacy practices of other websites. This privacy policy applies only to our site.

Please check third party websites privacy policies for information relating to those sites.

1.7 Whether we need your consent

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.

1.8 How long your personal information will be kept

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.

- We will hold personal data for the period we are required to retain this information by applicable UK tax law (currently 6 years). In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

- Nepacs has agreed to retain the information collected in Google Analytics indefinitely in order to allow us to analyse trends in our website usage over time. This is not personally identifiable information.

1.9 Personal data about other individuals

If you give us personal data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:

- give consent on his/her behalf to the processing of their personal data

- receive on their behalf any data protection notices

2. Your Rights

Under the UK GDPR you have a number of important rights free of charge. Under certain circumstances, you have the right to:

-    Request Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.

-    Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

-    Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

-    Object to processing of your personal information where we are processing your personal information for direct marketing purposes.

-    Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

-    Object in certain other situations to our continued processing of your personal information.

-    Request the transfer of your personal information to another party.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the UK General Data Protection Regulation which is accessible here: ICO Guidance

In some circumstances you can claim compensation for damages caused by our breach of any data protection laws.

If you would like to exercise any of those rights, please:

  • email, call or write to us at
  • let us have enough information to identify you
  • let us have proof of your identity and address (a copy of your driving licence or
  • passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

To withdraw your consent, please contact: Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

3. Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

4. Data protection officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO by emailing

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

5. Changes to this privacy notice

This privacy notice was last updated on 08th March 2021.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice on this page

We recommend you read this page each time you use the site to ensure you are satisfied with the privacy conditions under which you provide Nepacs with your personal information and that you are happy with any changes. 

6. How to Contact Us

You can contact our Data Protection Officer at or write to us at Nepacs, 20 Old Elvet, Durham, DH1 3HW