NPSS takes the protection of your personal information seriously, we never sell or exchange your information with other organisations.
This policy also outlines your rights about your personal information.
Below we have summarised how we handle your personal information:
NPSS defines personal information as any information which can be used to identify an individual. We collect personal information in a number of different ways; it could be on information you share with us or we may collect information using other means such as through email and our website.
If you attend an NPSS event, for example, we collect and use personal information such as your name, email address and phone number. We also hold details of your marketing communications preferences, along with our communications with you and any communications you have with us.
NPSS needs a lawful reason to collect and use personal information. The law names six legitimate ways that we can process personal data:
As a customer of NPSS we will always ask for explicit consent to send marketing emails. You can withdraw consent at any time by contacting us on 01962 851 747 or by emailing
If you attend one of our training courses, conferences or events, or if you contact us advice or guidance then this can be considered the basis of a contractual relationship which means we provide you with a service. We can only provide you with the most appropriate services if you choose to share some of your personal information with us. We will not share this information without your consent.
The law allows NPSS to legally collect and process personal information if it is necessary for a legitimate business interest of the organisation. However, it must be used in a fair and balanced way that does not impact your rights.
You have the right to object to our lawful processing of your information. To let us know that you no longer want to receive emails from us please telephone us on 01962 435043 or email
We have other legitimate interests holding and processing, these are:
Financial management and control:
Purely administrative purposes:
We collect personal information that you share with us when you contact or interact with us through our website, email, phone, face to face and through our online forms. You can decide not to provide certain information or ask that any information that you have previously shared is removed. For example, you might provide information to us when contacting us, registering for an event or updating your communication preferences. Through these interactions, your name, email address and contact number can be collected.
Under all data protection law in the UK and EU, certain categories of personal data are classified as ‘special category’ or ‘sensitive.’
The following personal data is considered ‘sensitive’ and is subject to specific processing conditions:
At NPSS we do not ask you to provide us with any special category information.
The information we hold is given to us directly by you during your interaction with our website, our services and members of the NPSS team.
In general terms we removed identifiable personal information from our records five years after the date of your last interaction with us. On request, we will delete information except if we have a legal or contractual basis to retain minimal information for example, if you had a reportable accident whilst attending one of our events. We are legally required to retain health and safety records for three years.
We will only send you digital communications once you have told us that you are happy for us to.
If you haven’t previously asked us to send you communications, you can ask us to start contacting you by calling our office on 01962 435043 or emailing
If you have previously said that you would like us to contact you but you want to change or update that, you can do this by calling our offices on 01962 435043 or emailing
If you wish to stop receiving communications from us you can call our office on 01962 435043 or email firstname.lastname@example.org
NPSS doesn’t share, sell or exchange your information with other organisations to be used for their own marketing communications.
When attending training or an event hosted by NPSS we may share your details with the venue. This information is shared solely is for health and safety reasons in the event of an emergency, such as a fire evacuation drill.
We process personal data through two third third party organisations; Hubspot and Dropbox. Hubspot Data is stored and backed up outside of the EU. Where data is stored and backed up outside of the EU we ensure that appropriate technical and organisations safeguards are in place to maintain the safety and integrity of the data. Hubspot is certified on the EU-US Privacy Shield. Dropbox is also registered on the EU-US privacy shield.
The NPSS website is developed and maintained by Thorgate. Data processed and stored via the website is done so within the EU.
We are committed to protecting your personal information. We use appropriate technical and organisational measures, including encryption, to protect personal information and privacy. We protect your information using a combination of physical and IT security controls, including access controls which restrict and mange the way that information is processed, managed and handled. We also make sure that our team is adequately trained in protecting personal information.
In the unlikely event of a security breach which compromises our protection of personal information and we need to let you know, we will do so.
Data protection rights
Where NPSS is using your information with consent, you can withdraw that consent at any time. Just contact our office on 01962 435043 or email
The right to be informed
The right of access
You can write to us asking for what information we hold about you and can request a copy of that information. From May 2018 , once we are sure you have the right to see the requested records we will have one calendar month to comply.
The right to be forgotten
You have the right to request that your information be deleted from our systems and databases in certain circumstances.
The right of rectification
You have the right to ask that we correct and update factually incorrect information that we may hold on you
The right to restrict processing
You have the right to request that we restrict the processing of your personal data in certain circumstances:
The right to data portability
You have the right to data portability. This means that you can ask for and reuse your personal information for your own purposes across different services. It has been designed to allow you to copy of transfer your information from one IT environment to another.
The right to object
You have the absolute right to stop the processing of your personal information, even in circumstances where we may be processing your information under the legitimate interest lawful basis.
How to access your personal data:
The Data Protection Act gives you the right to request access to the information held by an organisation – this is called a Subject Access Request. The FAQs below will help you if you want to access the personal information held about you by Crisis.
How do I make a Subject Access Request (SAR)?
You can make a request by email to , by phoning our office on 01962 435043 or by speaking with one of the team in person.
Confirming your identity
We may have to confirm your identity before we are able to process your request. This is to ensure that we disclose only your personal information to you.
In rare circumstances, if we are not able to confirm who you are from what you share with us, we may have to ask for more formal proof of identity.
Can I make a request on behalf of someone else?
This is only possible in limited circumstances, these are:
What information can I ask for?
You can ask for any information that we hold, but it is helpful and speeds up the process if you can tell us if you are looking for anything specific.
Can I ask for emails?
Yes, it is helpful if you can specify a time period and/ or the name of the person
How will I receive my information?
You can receive it either to an email address of your choice or as a hard copy by post to a specified address, this will always be sent signed-for delivery.
Do I have to pay for my information?
In general, no. However, if you were to make repeat requests or the volume of work is considered excessive, we can charge a reasonable administration fee.
How long does it take?
We aim to process requests as soon as possible, but within one calendar month from the resolution of any enquiries about your identity or the scope of your request. If we find that it is likely to take longer than a month, we will write to you within that month and advise you of the reason and give you a revised date by which you can expect us to complete the request.
What if I think information is missing or I have concerns about how my information has been processed by NPSS?
We will work with you if you have concerns about missing information but please note that we don’t keep information forever and have retention policies governing how long we keep information for.
We would prefer you to raise any concerns about missing information or how your information has been handled with us initially, preferably at your point of contact with the organisation. Your concerns will be acknowledged within three working days and we aim to resolve the issue within 15 working days.
We will consider all concerns raised within a reasonable period of a SAR being completed, up to a maximum of three months after you receive your information.
You can go straight to the regulatory body, the Information Commissioner (ICO), at any time during this review process. The Information Commissioner (ICO) can be contacted at or by phone on 0303 123 1113. The ICO would, however, expect that you have sought to resolve your concerns with us before approaching them.