_{NEXUS AMBULANCE GROUP LTD}

_{UK GDPR & DATA PROTECTION NOTICE}

Version: 1.0
Effective Date: January 2026

Nexus Ambulance Group Ltd operates as a subsidiary undertaking of Nexus Network Group Limited, a private limited company registered in the United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Nexus Network Group Limited acts as the Data Controller for personal data processed in connection with the activities of Nexus Ambulance Group Ltd, except where otherwise expressly stated.

This notice explains how personal data is collected, processed, stored, protected, and disclosed in connection with ambulance operations, clinical care, workforce administration, safeguarding responsibilities, and corporate governance functions. It is issued in accordance with Articles 13 and 14 UK GDPR.

Contact for Data Protection Matters

Data Controller:
Nexus Network Group Limited

Data Protection Officer (DPO):
Email: dpo@nexusnetworkgroup.co.uk

All data protection enquiries, subject access requests, rectification requests, erasure requests, or complaints relating to personal data processed by Nexus Ambulance Group Ltd should be directed to the Data Protection Officer at the contact above.

Nexus Network Group Limited, acting as Data Controller, processes personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability. Personal data is processed only where necessary for legitimate and defined purposes connected to the provision of ambulance services, clinical care delivery, safeguarding duties, workforce management, regulatory compliance, and organisational governance.

Personal data processed may include patient identifiers, demographic information, contact details, clinical and medical information, safeguarding records, next-of-kin details, workforce and recruitment records, payroll and contractual information (for paid staff), training and competency records, disciplinary documentation, system identifiers, CCTV data where applicable, and security logs.

Special category data, including health data, is processed strictly where necessary for healthcare provision, safeguarding, employment law compliance, insurance purposes, or substantial public interest grounds in accordance with Articles 6 and 9 UK GDPR and Schedule 1 of the Data Protection Act 2018.

Processing is undertaken on one or more lawful bases, including performance of a contract, compliance with legal obligations, protection of vital interests, performance of tasks carried out in the public interest, and the legitimate interests of Nexus Network Group Limited in ensuring service safety, governance integrity, and regulatory compliance. Where consent is relied upon, it may be withdrawn at any time, subject to overriding legal or clinical retention requirements.

Nexus Network Group Limited maintains records of processing activities in accordance with Article 30 UK GDPR. Access to personal data is restricted to authorised personnel with a legitimate operational need. Appropriate technical and organisational security measures are implemented, including role-based access controls, encryption where appropriate, secure system architecture, audit logging, secure storage, and structured information governance oversight.

Personal data may be shared lawfully with healthcare partners, commissioners, safeguarding authorities, regulators, insurers, payroll providers, legal advisers, IT service providers acting as processors, and other third parties where necessary for clinical care, legal compliance, contractual obligations, or safeguarding purposes. All processors are subject to written data processing agreements in accordance with Article 28 UK GDPR. Personal data is never sold, rented, or commercially exploited.

Personal data breaches are managed in accordance with Articles 33 and 34 UK GDPR. All suspected or confirmed breaches are assessed without delay, documented internally, and reported to the Information Commissioner’s Office within 72 hours where required. Where a breach presents a high risk to individuals’ rights and freedoms, affected individuals will be informed without undue delay.

Individuals have the right, subject to lawful exemptions, to request access to their personal data, request rectification of inaccuracies, request erasure where legally permissible, restrict processing, object to processing in certain circumstances, request data portability where applicable, and lodge a complaint with the Information Commissioner’s Office.

Where personal data is processed solely by an independent third-party controller outside the factual and legal control of Nexus Network Group Limited, the organisation cannot exercise control over that processing. UK GDPR obligations apply to processing actually undertaken by Nexus Network Group Limited within its scope of authority. Where appropriate, individuals will be directed to the relevant independent controller.

Nexus Network Group Limited is established in the United Kingdom and is subject to the regulatory authority of the Information Commissioner’s Office in respect of its processing activities. This notice is governed exclusively by United Kingdom data protection law.

This notice will be reviewed periodically and updated as required to reflect changes in legislation, regulatory guidance, or organisational structure.

© Nexus Ambulance Group Ltd & Nexus Network Group Limited. All rights reserved.

_{PRIVACY POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Last Updated: January 2026

_{1. Purpose, Scope and Legal Standing}

This Privacy Policy is issued in relation to Nexus Ambulance Group Ltd and sets out, in comprehensive and authoritative terms, how personal data is collected, processed, stored, protected, disclosed, and retained in connection with the organisation’s activities.

For the purposes of the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Nexus Network Group Limited acts as the Data Controller for personal data processed in connection with the activities of Nexus Ambulance Group Ltd.

This Policy applies to all personal data processed by or on behalf of Nexus Network Group Limited in its capacity as Data Controller, including processing carried out by Nexus Ambulance Group Ltd as an operational subsidiary, whether such processing occurs electronically, digitally, physically, or through third-party processors acting under written agreement.

This Policy is issued to fulfil transparency obligations under Articles 13 and 14 UK GDPR and reflects the requirements of the Data Protection Act 2018 and guidance issued by the Information Commissioner’s Office (ICO).

This Privacy Policy constitutes the definitive public statement of data protection practice for Nexus Ambulance Group Ltd and supersedes prior privacy notices or informal representations.

_{2. Commitment to Data Protection and Regulatory Compliance}

Nexus Network Group Limited recognises data protection and patient confidentiality as core governance responsibilities.

All processing is conducted in accordance with the principles of:

• Lawfulness, fairness and transparency

• Purpose limitation

• Data minimisation

• Accuracy

• Storage limitation

• Integrity and confidentiality

• Accountability

The organisation operates a privacy by design and privacy by default framework. Systems and operational processes are structured so that personal data is processed only where necessary, for defined lawful purposes, and only to the minimum extent required.

The organisation does not engage in speculative, excessive, or unnecessary data collection.

_{3. Categories of Individuals Whose Data May Be Processed}

Personal data may be processed in relation to:

• Patients and service users

• Next of kin and emergency contacts

• Employees, clinical staff, volunteers, and contractors

• Applicants and candidates

• Commissioners and partner agencies

• Individuals making complaints or safeguarding disclosures

• Visitors to organisational premises (where applicable)

Individuals who interact only passively with publicly available content are not subject to routine data processing beyond minimal technical data required for system functionality and security.

_{4. Categories of Personal Data Processed}

Depending on context, the organisation may process:

• Identifying information (name, address, date of birth, NHS number where applicable)

• Contact details

• Clinical and medical information (special category data)

• Safeguarding information

• Employment, payroll, and HR records

• Recruitment and vetting information

• Training and competency records

• Incident, complaint, and disciplinary documentation

• Technical system identifiers (IP address, device data, system logs)

• CCTV data where used for safety and security

Special category data, including health data, is processed strictly where necessary for the provision of healthcare, safeguarding, employment law compliance, insurance, or substantial public interest purposes under Article 9 UK GDPR and Schedule 1 of the Data Protection Act 2018.

_{5. Lawful Bases for Processing}

Personal data is processed under one or more lawful bases under Article 6 UK GDPR, including:

• Performance of a contract

• Compliance with legal obligations

• Protection of vital interests

• Performance of tasks carried out in the public interest

• Legitimate organisational interests

Special category data is processed under Article 9 UK GDPR where necessary for healthcare provision, safeguarding, employment obligations, insurance, or substantial public interest.

The organisation does not carry out automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

_{6. No Commercial Exploitation of Personal Data}

Personal data is not sold, rented, traded, licensed, or commercially exploited.

The organisation does not use personal data for advertising, marketing profiling, or behavioural tracking unrelated to its operational healthcare functions.

_{7. Data Retention and Storage Limitation}

Personal data is retained only for as long as necessary to fulfil its lawful purpose, including:

• Clinical record retention requirements

• Employment law obligations

• Safeguarding and regulatory compliance

• Insurance and legal limitation periods

Retention is guided by statutory requirements and recognised healthcare records management standards. When no longer required, data is securely deleted, anonymised, or irreversibly destroyed.

_{8. Data Security and Safeguards}

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, loss, destruction, or misuse.

These measures include:

• Role-based access controls

• Secure systems and encryption where appropriate

• Audit logging

• Confidentiality obligations

• Governance oversight

• Secure disposal procedures

Access to personal data is restricted to authorised personnel with legitimate operational need.

_{9. Children and Vulnerable Individuals}

Personal data relating to children and vulnerable individuals is processed only where necessary for healthcare provision, safeguarding, or legal compliance.

Safeguarding duties may override confidentiality where there is a lawful obligation to disclose information to protect individuals from harm.

_{10. Data Sharing and Disclosure}

Personal data may be shared lawfully with:

• NHS bodies and healthcare providers

• Commissioners and partner agencies

• Safeguarding authorities

• Regulatory bodies

• Insurers

• Legal advisers

• IT providers acting as processors

All disclosures are limited to what is necessary and proportionate. Processors are subject to written data processing agreements in accordance with Article 28 UK GDPR.

The organisation does not assume responsibility for processing undertaken by independent third-party controllers outside its factual and legal control.

_{11. Individual Rights}

Subject to lawful exemptions, individuals have the right to:

• Request access to personal data

• Request rectification

• Request erasure where legally permissible

• Restrict or object to processing in certain circumstances

• Request data portability where applicable

• Withdraw consent where consent is relied upon

Requests are handled within statutory time limits and in accordance with UK GDPR and ICO guidance.

_{12. Data Controller and Contact Details}

Data Controller:
Nexus Network Group Limited
United Kingdom

Data Protection Officer (DPO):
📧 dpo@nexusnetworkgroup.co.uk

Individuals may also lodge complaints with the Information Commissioner’s Office.

_{13. Interpretation and Legal Standing}

This Policy provides transparency regarding data protection practices. It does not create contractual rights and does not override applicable law. In the event of conflict, statutory obligations prevail.

This Policy shall be interpreted consistently with UK GDPR principles and the governance framework of Nexus Network Group Limited.

_{14. Review and Authority}

This Privacy Policy forms part of the corporate governance framework of Nexus Network Group Limited and Nexus Ambulance Group Ltd. It remains in force unless formally amended and republished.

© Nexus Network Group Limited & Nexus Ambulance Group Ltd. All rights reserved.

If you would like, I can now:

• Produce a separate Patient Privacy Notice (public-facing, plain English)

• Produce a Workforce Privacy Notice (staff-specific)

• Add CQC and NHS DSPT alignment wording.

_{NEXUS AMBULANCE GROUP LTD}

_{MASTER HEALTH & SAFETY POLICY}

(Statement of Intent, Organisation and Arrangements)

_{DOCUMENT CONTROL}

This document is titled Master Health & Safety Policy and applies to Nexus Ambulance Group Ltd, a private limited company operating within the United Kingdom.

Ownership of this policy rests with the Executive Leadership Team of Nexus Ambulance Group Ltd, who hold responsibility for its approval, implementation, monitoring, and review. Health and safety governance, advisory oversight, compliance monitoring, and internal audits are conducted directly by Nexus Ambulance Group Ltd through its appointed competent persons and internal governance framework.

This document is issued as Version 1.0, is currently active, was approved in January 2026, and is scheduled for formal review twelve months from the date of approval or earlier where required.

This policy applies to all employees, volunteers, contractors, agency personnel, and any other persons who may be affected by the activities of Nexus Ambulance Group Ltd.

1. STATEMENT OF INTENT

Nexus Ambulance Group Ltd recognises and accepts its responsibilities under the Health and Safety at Work etc. Act 1974, together with all associated regulations, approved codes of practice, and relevant guidance applicable to the nature and scale of its ambulance and healthcare operations.

The organisation is committed to ensuring, so far as is reasonably practicable, the health, safety, and welfare of its employees, volunteers, and contractors, and to protecting patients, service users, visitors, partner agencies, and members of the public who may be affected by its activities.

Health and safety is a fundamental component of clinical governance, corporate governance, and executive leadership accountability. Effective health and safety management is essential to lawful operation, patient safety, workforce wellbeing, and the prevention of injury, occupational illness, operational disruption, and reputational harm.

This policy establishes the overarching framework for health and safety management within Nexus Ambulance Group Ltd and defines the structure by which risks are identified, assessed, controlled, reviewed, and monitored.

Nothing in this policy creates absolute duties or guarantees outcomes. All duties are qualified by the principle of reasonable practicability and by the extent of the organisation’s control or influence, in accordance with UK legislation and established legal principles.

_{2. SCOPE AND APPLICATION}

This policy applies to all activities undertaken by or on behalf of Nexus Ambulance Group Ltd.

It applies to:

• Operational ambulance services

• Patient transport activities

• Clinical care delivery

• Administrative and governance functions

• Remote or hybrid working arrangements

• Training and development activities

• Contractor and partner engagement

The policy applies to routine and foreseeable non-routine operations.

_{3. ORGANISATIONAL POSITION ON DUTY OF CARE}

Nexus Ambulance Group Ltd acknowledges that its duty of care is defined by statute and case law and extends only to what is reasonably practicable and within the organisation’s control or influence.

The organisation does not accept responsibility for matters outside its operational control, including private domestic environments except where specific equipment or work activities are directed by the organisation.

The organisation recognises that risk cannot be eliminated entirely. Some degree of inherent risk exists in healthcare and ambulance operations. The objective is risk reduction to a level that is as low as reasonably practicable (ALARP).

The organisation will:

• Identify foreseeable hazards

• Conduct suitable and sufficient risk assessments

• Implement proportionate control measures

• Provide appropriate information, instruction, training, and supervision

• Respond promptly to incidents, near misses, and reported hazards

_{4. ORGANISATION AND RESPONSIBILITIES}

_{Executive Leadership Team}

The Executive Leadership Team holds ultimate accountability for health and safety performance.

The Team is responsible for:

• Ensuring implementation and review of this policy

• Allocating sufficient financial, human, and operational resources

• Appointing competent persons for health and safety advice

• Reviewing performance, incidents, trends, and audit findings

• Ensuring corrective actions are implemented

Ultimate responsibility for health and safety rests with the Executive Leadership Team.

_{Managers and Supervisors}

Managers and supervisors are responsible for:

• Day-to-day implementation of health and safety arrangements

• Completing and reviewing risk assessments

• Ensuring safe systems of work are followed

• Providing supervision and instruction

• Investigating incidents and near misses

• Ensuring compliance with clinical and operational safety standards

_Employees

Employees must:

• Take reasonable care of their own health and safety and that of others

• Cooperate with organisational safety measures

• Follow instructions and training

• Use equipment appropriately

• Report hazards, incidents, near misses, or unsafe practices promptly

Failure to comply may result in disciplinary action.

_Volunteers

Volunteers must comply with the same safety expectations as employees within the scope of their role.

Where volunteers operate remotely or from private premises, they remain responsible for ensuring their immediate working environment is safe. The organisation will provide guidance where appropriate but does not assume general responsibility for domestic premises.

_{Contractors and Third Parties}

Contractors must:

• Demonstrate competence

• Comply with health and safety requirements

• Cooperate with Nexus Ambulance Group Ltd

• Avoid creating risks to patients, staff, or the public

Contractors remain responsible for their own statutory duties.

_{5. ARRANGEMENTS FOR HEALTH AND SAFETY MANAGEMENT}

Nexus Ambulance Group Ltd ensures that suitable and sufficient risk assessments are conducted for activities under its control.

Control measures may include:

• Safe systems of work

• Clinical protocols

• PPE provision

• Vehicle safety standards

• Infection prevention and control measures

• Lone working safeguards

• Manual handling procedures

• Training and competency validation

All accidents, incidents, near misses, and dangerous occurrences must be reported immediately through internal reporting systems.

Investigations will be proportionate to risk and severity. Where applicable, statutory reporting obligations under RIDDOR will be met.

The organisation recognises mental health and wellbeing as part of health and safety and will take reasonable steps to manage foreseeable work-related stress risks.

Fire safety and emergency planning arrangements are implemented within operational premises and vehicles.

_{6. INTERNAL COMPETENT ADVICE AND AUDIT}

Health and safety advisory functions, compliance monitoring, and audit activities are conducted internally by Nexus Ambulance Group Ltd through appointed competent persons within the organisation.

Internal audits are undertaken periodically to assess:

• Compliance with legislation

• Effectiveness of risk control measures

• Incident trends

• Training compliance

• Clinical and operational safety standards

Findings are reviewed by senior leadership and corrective actions are monitored to completion as part of continuous improvement.

Statutory duties remain with Nexus Ambulance Group Ltd at all times.

_{7. MONITORING AND REVIEW}

Health and safety performance is monitored through:

• Incident reporting data

• Risk assessment reviews

• Internal audits

• Training compliance checks

• Staff feedback

• Governance review meetings

This policy will be reviewed:

• Annually

• Following significant organisational change

• After serious incidents

• Following regulatory findings

_{8. POLICY STATUS}

This document constitutes the authoritative Health & Safety Policy of Nexus Ambulance Group Ltd.

All supporting procedures, guidance, and appendices must align with this policy and do not override its principles or limitations.

_{FORMAL APPROVAL}

Approved and adopted by the Executive Leadership Team
Nexus Ambulance Group Ltd

Signed:
Executive Leadership Team
Nexus Ambulance Group Ltd

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual

Nexus Ambulance Group Ltd affirms its absolute and unequivocal commitment to safeguarding and promoting the welfare, safety, dignity, and wellbeing of children, young people, and adults at risk who come into contact with the organisation through its ambulance services, patient transport operations, clinical care activities, training environments, or any function carried out under its authority. Safeguarding is a fundamental and non-delegable organisational responsibility embedded within clinical governance, corporate governance, and executive leadership accountability. The welfare of the individual is paramount and takes precedence over operational convenience, reputational considerations, hierarchy, or financial interests. Where there is risk of harm, safeguarding obligations override confidentiality and internal process.

This policy applies to all employees, volunteers, contractors, agency personnel, directors, executive leaders, students, and any individual acting on behalf of Nexus Ambulance Group Ltd. It applies across all operational contexts including emergency response, non-emergency patient transport, community-based care, clinical assessment, and organisational premises or vehicles. Safeguarding responsibilities extend to all activities where the organisation provides healthcare, interacts with patients, or exercises professional authority.

For the purposes of this policy, a child or young person is defined as any individual under the age of eighteen years. An adult at risk is defined as a person aged eighteen or over who has needs for care and support and who, as a result of those needs, is unable to protect themselves from abuse or neglect or the risk of it. Safeguarding refers to all actions taken to protect children and adults at risk from abuse, neglect, exploitation, coercion, discrimination, radicalisation, self-neglect, or other forms of maltreatment, and to promote their welfare, rights, and autonomy.

Abuse may include physical abuse, emotional or psychological abuse, sexual abuse, financial or material abuse, neglect or acts of omission, domestic abuse, organisational or institutional abuse, modern slavery, discriminatory abuse, online abuse, and self-neglect in the case of adults. Abuse may occur as a single act or repeated acts and may arise in any setting, including private homes, healthcare environments, public spaces, or digital contexts. Nexus Ambulance Group Ltd adopts a zero-tolerance approach to abuse in all forms.

This policy operates in accordance with applicable safeguarding legislation and statutory guidance within the United Kingdom, including the Children Act 1989 and 2004, the Care Act 2014, the Mental Capacity Act 2005, the Domestic Abuse Act 2021, the Sexual Offences Act 2003, relevant devolved legislation in Scotland, Wales, and Northern Ireland, and associated statutory guidance. It operates alongside the Data Protection Act 2018 and UK GDPR, recognising that lawful and proportionate information sharing is essential to protect individuals from harm.

Nexus Ambulance Group Ltd maintains a clear safeguarding governance structure. Designated Safeguarding Leads (DSLs) are appointed with authority to receive and assess safeguarding concerns, provide advice and guidance to staff, initiate referrals to local authority safeguarding teams, liaise with police and regulatory bodies, implement interim protective measures, and ensure accurate and secure record keeping. Safeguarding authority cannot be overridden by operational or managerial considerations. Ultimate accountability for safeguarding rests with the Executive Leadership Team.

All staff and representatives have a personal responsibility to remain vigilant to safeguarding risks, maintain appropriate professional boundaries, and report concerns without delay. No individual may assume that another person will take responsibility for reporting. Staff must act as positive role models, avoid inappropriate relationships, and must not misuse authority, trust, or influence. Exploitative behaviour, coercion, grooming, or inappropriate contact with children or adults at risk is strictly prohibited and may result in immediate removal from duties and referral to statutory or regulatory authorities.

Staff must be able to recognise indicators of abuse, which may include unexplained injuries, behavioural changes, fearfulness, withdrawal, signs of neglect, financial irregularities, coercive control, inappropriate sexualised behaviour, unsafe living conditions, or direct disclosure of harm. Concerns must never be dismissed due to uncertainty, seniority of the alleged perpetrator, or perceived reputational impact.

All safeguarding concerns must be reported immediately to a Designated Safeguarding Lead. Where an individual is believed to be in immediate danger, emergency services must be contacted without delay. Reports must be factual, objective, accurate, and contemporaneous. The organisation will respond proportionately and urgently, listening carefully, avoiding leading questions, recording information accurately, assessing risk, and making referrals to statutory authorities where required. Confidentiality will be respected but cannot be guaranteed where disclosure is necessary to protect an individual from harm.

In relation to adults, staff must apply the principles of the Mental Capacity Act 2005, presuming capacity unless proven otherwise, supporting individuals to make decisions, recognising the right to make unwise decisions, acting in best interests where capacity is lacking, and using the least restrictive option. Where an adult with capacity declines safeguarding intervention, this will generally be respected unless there is risk to others, a serious crime has occurred, coercion is suspected, or the public interest justifies disclosure.

Allegations against staff, volunteers, or representatives are treated as serious safeguarding matters. Protective measures may include immediate restriction of duties, suspension, referral to police, referral to professional regulators, and notification to commissioners where appropriate. Investigations will be conducted fairly, lawfully, and proportionately.

Safeguarding information is shared only where lawful, necessary, and proportionate. The safety and welfare of the individual override confidentiality where serious risk exists. Records relating to safeguarding concerns are securely stored, access-restricted, factual, auditable, and retained in accordance with statutory and regulatory requirements.

All staff must complete mandatory safeguarding training appropriate to their role and refresh that training periodically. Managers are responsible for ensuring safeguarding competence is maintained and embedded into operational practice. Safeguarding compliance is monitored continuously, reviewed following incidents, audited at Executive level, and integrated into the organisation’s clinical governance framework. Learning from safeguarding incidents informs continuous improvement.

This Integrated Safeguarding Policy is authoritative and binding across Nexus Ambulance Group Ltd and forms part of the organisation’s governance framework. It remains in force unless formally amended and will be reviewed annually or sooner if legislative or operational changes require revision.

© Nexus Ambulance Group Ltd. All rights reserved.

_{ASSET PROTECTION, OWNERSHIP, GOVERNANCE, AND NON-TRADING POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Version: 1.0
Effective Date: January 2026
Governing Law: Scotland

_{1. Authority, Purpose, and Supremacy}

This Asset Protection, Ownership, Governance, and Non-Trading Policy (“the Policy”) is issued by Nexus Ambulance Group Ltd under the authority of its governing body and forms a core and inseparable part of the organisation’s corporate governance framework.

The purpose of this Policy is to define with clarity the ownership, control, custody, permitted use, and protection of all organisational assets; to prevent unauthorised use, diversion, misappropriation, or encumbrance; to eliminate ambiguity concerning rights or entitlement; and to confirm the organisation’s operational structure and financial governance position.

This Policy is binding on all persons to whom it applies and takes precedence over any verbal statement, informal practice, historic arrangement, tolerated behaviour, online communication, role description, onboarding material, assumption, or expectation inconsistent with its terms.

No failure, delay, or selective enforcement shall constitute waiver. No individual may rely on silence, past conduct, or informal assurance as evidence of ownership, licence, entitlement, or consent.

_{2. Corporate Form and Governance Position}

Nexus Ambulance Group Ltd operates as a private limited company incorporated in the United Kingdom and is governed by its Articles of Association and applicable company law. Where Nexus Network Group Limited acts as parent or holding entity, ownership of Nexus Ambulance Group Ltd rests with that parent structure in accordance with corporate records and statutory filings.

Directors act in a fiduciary capacity and hold responsibility for stewardship, compliance, and governance oversight. Directors do not personally own organisational assets by virtue of office. No officer, employee, volunteer, or representative acquires proprietary rights in organisational property through service, contribution, seniority, or duration of involvement.

The organisation operates as a non-profit-distributing healthcare provider. Surpluses, if generated, are retained solely for reinvestment into operational capability, clinical improvement, infrastructure, training, and governance enhancement. No asset or income of the organisation may be distributed to individuals except for lawful salary, contractual payment, or authorised expense reimbursement.

_{3. Persons Bound}

This Policy applies to all:

• Directors and executive officers

• Employees (paid staff)

• Volunteers

• Contractors and consultants

• Agency personnel

• Students and trainees

• Any individual granted access to organisational systems, vehicles, equipment, intellectual property, data, or branding

Acceptance of this Policy occurs by conduct. Any person who accesses, uses, manages, contributes to, or represents Nexus Ambulance Group Ltd is deemed to have accepted and agreed to be bound by this Policy.

_{4. Definition of Organisational Assets}

For the purposes of this Policy, “Assets” includes all tangible and intangible property owned, leased, licensed, controlled, or used by Nexus Ambulance Group Ltd, whether existing now or created in the future.

Assets include, without limitation:

• Ambulance vehicles and transport units

• Medical equipment and clinical supplies

• Uniforms, PPE, and operational kit

• IT systems, servers, databases, and software

• Electronic health record systems

• Communication systems and radios

• Policies, procedures, manuals, and documentation

• Branding, logos, trade names, domain names, and goodwill

• Intellectual property, training materials, media content

• Contracts, agreements, and service frameworks

• Financial records and accounting systems

• Access credentials and security infrastructure

This definition is intentionally broad and shall not be interpreted narrowly.

_{5. Absolute Ownership and Custodial Control}

All Assets are owned solely and exclusively by Nexus Ambulance Group Ltd or, where applicable, its lawful corporate parent.

No individual acquires legal title, beneficial interest, equitable interest, joint ownership, or residual rights in any Asset by virtue of creation, management, funding, development, operational responsibility, or contribution.

Where Assets are registered, hosted, stored, or administered via individual accounts, credentials, or devices, such holding is deemed custodial only and undertaken strictly on behalf of the organisation. Custodial control does not create leverage, ownership, or entitlement.

Upon request or termination of involvement, individuals must immediately transfer control, surrender credentials, return equipment, and provide full cooperation. Refusal, obstruction, or conditional transfer constitutes misconduct and may give rise to legal remedies.

_{6. Intellectual Property}

All intellectual property created in connection with Nexus Ambulance Group Ltd vests automatically and irrevocably in the organisation to the fullest extent permitted by law. This includes policies, procedures, clinical protocols, branding materials, software configurations, training materials, written works, and derivative works.

Where intellectual property cannot vest automatically, this Policy operates as a present and future assignment of rights. Contributors waive moral rights to the extent permitted by law.

No implied licence or reuse right exists unless expressly granted in writing by authorised corporate authority.

_{7. Prohibition on Unauthorised Commercial Exploitation}

Organisational Assets must not be:

• Sold

• Encumbered

• Licensed for personal benefit

• Used for private commercial gain

• Monetised outside authorised corporate decision-making

No individual may extract value, fees, commissions, platform credits, or indirect financial benefit from organisational property without lawful authorisation and proper governance approval.

Any unauthorised commercial exploitation constitutes serious misconduct and potential breach of fiduciary duty.

_{8. Executive Authority and Limits}

Directors and Executive Officers act in fiduciary and custodial capacity only. They have no personal ownership interest in Assets and may not:

• Divert organisational property

• Use Assets for personal benefit

• Dispose of Assets outside lawful authority

• Alter the organisation’s non-profit-distributing governance position without lawful corporate procedure

Any action taken beyond lawful authority is void and may result in personal liability.

_{9. Access and Termination}

Access to Assets is conditional, role-specific, and revocable at any time.

Upon termination of employment, volunteer status, or contractual engagement:

• All access rights cease immediately

• Equipment must be returned

• Data copies must be deleted

• Credentials must be surrendered

• Confidentiality obligations remain in force

Ownership, intellectual property rights, confidentiality, and enforcement provisions survive termination indefinitely.

_{10. Enforcement and Remedies}

Nexus Ambulance Group Ltd may enforce this Policy through:

• Disciplinary proceedings

• Termination of employment or engagement

• Civil recovery of assets

• Injunctive relief

• Regulatory referral

• Criminal complaint where appropriate

Remedies are cumulative and non-exclusive.

_{11. Governing Law and Jurisdiction}

This Policy is governed by and construed in accordance with the law of Scotland. The Scottish courts shall have exclusive jurisdiction.

_{Final Declaration}

This Policy is comprehensive, protective, and binding. Any individual unwilling to accept these terms must not access, manage, contribute to, or interact with Nexus Ambulance Group Ltd or its Assets.

Nexus Ambulance Group Ltd
Asset Protection, Ownership, Governance, and Non-Trading Policy

© Nexus Ambulance Group Ltd. All rights reserved.

_{COMPANY STATUS, NON-DISTRIBUTION DECLARATION & GOVERNANCE POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Company Number: SC866185
SIC Code: 86900 – Other Human Health Activities

Version: 1.0
Last Updated: January 2026

_{1. Legal Status and Corporate Form}

Nexus Ambulance Group Ltd is a body corporate incorporated in Scotland under the Companies Act 2006 and is registered under company number SC866185. The Company operates under Standard Industrial Classification (SIC) code 86900 – Other Human Health Activities.

The Company is constituted as a private limited company. Its governance, powers, and limitations are defined exclusively by the Companies Act 2006, its Articles of Association, and all other applicable UK statutory instruments and regulatory requirements.

The Company is not constituted for the purpose of generating distributable profits for private individuals. No provision exists within its constitutional framework for the distribution of dividends, surplus assets, or capital to directors, officers, or connected persons except in accordance with lawful salary, contractual payment, or reimbursement of properly incurred expenses.

No interpretation of the Company’s structure shall be construed as creating personal ownership of corporate assets by directors, officers, employees, or representatives.

_{2. Nature of Business and Operational Scope}

Nexus Ambulance Group Ltd operates within the healthcare sector under SIC code 86900 – Other Human Health Activities. The Company provides ambulance-related and associated healthcare services in accordance with applicable regulatory, statutory, and clinical governance requirements.

The Company may lawfully provide services, enter into contracts, receive payments for services rendered, and meet its financial obligations as required for operational sustainability. All such activities are conducted within the legal framework governing private limited companies and healthcare providers in the United Kingdom.

The Company does not operate for the purpose of private enrichment. Any surplus arising from lawful operations is retained exclusively for reinvestment into:

• Clinical improvement

• Operational capability

• Infrastructure and equipment

• Workforce development

• Regulatory compliance

• Organisational sustainability

No surplus may be distributed to directors or officers beyond lawful remuneration.

_{3. Non-Distribution and Governance Declaration}

Nexus Ambulance Group Ltd makes a formal declaration that it operates on a non-profit-distributing basis.

The Company may lawfully trade within its registered SIC classification and operational remit. However, it does not operate as a profit-extracting vehicle for private individuals. No dividends are declared unless expressly permitted under its Articles of Association and consistent with statutory and fiduciary duties.

Directors owe fiduciary duties under the Companies Act 2006 and must:

• Act within powers

• Promote the success of the Company

• Exercise independent judgment

• Avoid conflicts of interest

• Avoid unauthorised personal benefit

Any attempt to divert assets, misuse funds, or operate outside lawful corporate authority constitutes a breach of duty and may result in personal liability.

_{4. Distinction Between Trading, Non-Distribution, and Tax Status}

For clarity, the concepts of “trading,” “non-profit distribution,” and “dormancy” are legally distinct.

Nexus Ambulance Group Ltd operates under SIC 86900 and may carry out lawful healthcare-related trading activities. Such activity does not imply private profit distribution.

The Company’s tax position is determined independently by HM Revenue & Customs (HMRC) under Corporation Tax legislation. The Company acknowledges that HMRC applies its own statutory tests to determine trading status, reporting requirements, and tax liabilities.

The Company will comply fully and promptly with:

• Corporation Tax registration requirements

• Corporation Tax returns

• PAYE obligations

• VAT registration (if thresholds are met)

• Any other applicable statutory financial reporting

Compliance with tax law is continuous and subject to ongoing review.

_{5. Financial Conduct and Application of Funds}

All funds received by Nexus Ambulance Group Ltd, including:

• Contractual service payments

• Grants

• Donations

• Reimbursements

• Insurance proceeds

• Other lawful receipts

are applied exclusively toward legitimate corporate purposes, including operational delivery, compliance, staffing costs, infrastructure, and sustainability.

No funds may be applied for personal enrichment outside lawful salary, contractual remuneration, or expense reimbursement.

Financial records are maintained accurately and transparently in accordance with statutory accounting obligations.

_{6. Objects, Purpose and Limitations}

The Company exists to provide ambulance and healthcare-related services and to maintain appropriate governance, compliance, and clinical oversight.

Activities outside the lawful objects of the Company are neither authorised nor permitted.

Nothing in this policy authorises unlawful trading, regulatory breach, or deviation from healthcare governance requirements.

_{7. Governance and Accountability}

Nexus Ambulance Group Ltd operates in continuous compliance with:

• The Companies Act 2006

• Its Articles of Association

• Companies House filing requirements

• Applicable healthcare regulation

• HMRC obligations

• Employment law

• Data protection law

• Health and safety legislation

Directors are collectively and individually responsible for ensuring lawful operation, accurate statutory filings, and maintenance of proper governance controls.

The Company maintains internal oversight mechanisms to ensure financial integrity, regulatory compliance, and operational accountability.

_{8. Transparency and Reliance}

This policy is published to provide accurate and authoritative clarification of the Company’s legal status, governance structure, and financial conduct principles.

Any reliance placed upon this policy by regulators, partners, stakeholders, financial institutions, or members of the public is reasonable insofar as it reflects the Company’s constitutional documents and compliance commitments.

In the event of conflict between this policy and statute, statutory law prevails.

_{9. Version Control and Review}

Version 1.0 – January 2026
Initial consolidated governance edition.

This policy remains authoritative as of the date stated and supersedes prior informal representations. It will be reviewed periodically and amended only where required by changes in legislation, regulatory guidance, or corporate structure.

© Nexus Ambulance Group Ltd. All rights reserved.

_{EQUALITY, DIVERSITY & INCLUSION (EDI) POLICY}

_{NEXUS AMBULANCE GROUP LTD}

(Issued in accordance with the Equality Act 2010 and UK company governance standards)

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual

_{1. Policy Purpose, Status and Intent}

Nexus Ambulance Group Ltd (“the Company”) is a private limited company registered in the United Kingdom and operating within the healthcare sector. This Equality, Diversity & Inclusion Policy (“the Policy”) establishes the Company’s formal and authoritative position on equality of opportunity, non-discrimination, dignity, and inclusive conduct.

The Company is unequivocally committed to full compliance with the Equality Act 2010, all associated statutory obligations, regulatory guidance, and relevant case law applicable within the United Kingdom. Equality, diversity, and inclusion are recognised as fundamental to lawful healthcare provision, patient safety, workforce wellbeing, and responsible corporate governance.

This Policy forms part of the Company’s governance framework. Compliance is mandatory for all persons and entities to whom it applies. Failure to comply may result in disciplinary action, removal from role, termination of engagement, exclusion from participation, or referral to external authorities where appropriate.

Nothing within this Policy overrides statutory protections. In the event of ambiguity, the Equality Act 2010 and applicable law shall prevail.

_{2. Scope of Application}

This Policy applies to all individuals engaged with, representing, or participating in Nexus Ambulance Group Ltd in any capacity, including:

• Directors and Executive Officers

• Employees and workers

• Volunteers

• Contractors and agency personnel

• Students and trainees

• Applicants for employment or volunteering

• Service users and individuals accessing Company services

The Policy applies across all operational and organisational environments, including:

• Ambulance and patient transport services

• Clinical care settings

• Training environments

• Governance processes

• Recruitment and workforce management

• Communication systems

• Organisational premises and vehicles

Compliance with this Policy is a condition of employment, engagement, or participation.

_{3. Legal Framework and Protected Characteristics}

Nexus Ambulance Group Ltd recognises and adopts the protected characteristics defined under Part 2 of the Equality Act 2010. Discrimination, harassment, or victimisation based on any protected characteristic is unlawful and strictly prohibited.

Protected characteristics include:

• Age

• Disability

• Gender reassignment

• Marriage and civil partnership

• Pregnancy and maternity

• Race (including colour, nationality, ethnic origin, and national origin)

• Religion or belief

• Sex

• Sexual orientation

• 
  

Prohibited conduct includes direct discrimination, indirect discrimination, harassment, victimisation, discriminatory instructions, and failure to make reasonable adjustments where required by law.

Conduct may be unlawful regardless of intent. Lack of malicious intent does not excuse discriminatory effect.

_{4. Equality of Opportunity and Lawful Decision-Making}

The Company is committed to ensuring equality of opportunity in all aspects of its operations, including recruitment, appointment, promotion, allocation of duties, access to training, performance management, disciplinary action, and service provision.

Decisions must be lawful, objective, proportionate, and based on merit, competence, capability, behaviour, and legitimate operational requirements. Protected characteristics must not influence decision-making except where specific lawful exemptions apply under the Equality Act 2010.

The Company will take reasonable and proportionate steps to remove barriers to participation and will make reasonable adjustments for disabled individuals where required by law. Adjustments will be assessed individually, considering reasonableness, practicality, clinical safety, and operational context.

_{5. Respect, Dignity and Behavioural Standards}

All individuals must treat colleagues, patients, service users, and members of the public with dignity and respect.

Conduct must be lawful, professional, inclusive, and non-discriminatory. Behaviour, language, or actions that may reasonably be perceived as discriminatory, hostile, degrading, humiliating, intimidating, or offensive are prohibited.

Bullying, exclusion, intimidation, or conduct that undermines equality and inclusion is not tolerated, even where no protected characteristic is explicitly referenced.

_{6. Harassment and Victimisation}

Harassment is defined as unwanted conduct related to a protected characteristic that violates a person’s dignity or creates an intimidating, hostile, degrading, humiliating, or offensive environment.

Victimisation occurs where an individual is subjected to detriment because they have raised a concern, made a complaint, supported another’s complaint, or asserted rights under equality legislation.

Harassment and victimisation are treated as serious breaches of this Policy and may result in disciplinary action up to and including dismissal or termination of engagement.

_{7. Reporting, Investigation and Enforcement}

Any individual who experiences, witnesses, or reasonably suspects conduct that may breach this Policy is expected to report the matter through appropriate reporting channels.

Reports will be handled impartially, investigated proportionately, and treated confidentially so far as practicable and lawful.

Retaliation against individuals raising concerns in good faith is strictly prohibited and constitutes serious misconduct.

Where breaches are substantiated, appropriate corrective and disciplinary action will be taken.

_{8. Responsibilities and Accountability}

Equality, diversity, and inclusion are shared responsibilities across Nexus Ambulance Group Ltd.

All individuals must comply with this Policy and conduct themselves lawfully.

Directors, managers, and senior leaders have an enhanced responsibility to:

• Promote inclusive practice

• Prevent discriminatory conduct

• Ensure fair decision-making

• Address concerns promptly

The Executive Leadership Team holds ultimate accountability for oversight, monitoring, and review.

_{9. Interaction With Other Policies}

This Policy operates alongside:

• Safeguarding Policies

• Disciplinary and Conduct Policies

• Whistleblowing Procedures

• Data Protection and Privacy Policies

• Health and Safety Policies

Where overlap exists, the highest applicable legal and governance standard applies.

_{10. Monitoring and Review}

Compliance with this Policy will be monitored through governance oversight, workforce processes, complaint handling, and training compliance.

The Policy will be reviewed annually, upon legislative change, or following significant incidents requiring review.

_{11. Document Control}

Document Title: Equality, Diversity & Inclusion (EDI) Policy
Organisation: Nexus Ambulance Group Ltd
Version: 1.0
Approved By: Executive Leadership Team
Effective Date: January 2026
Next Review: January 2027

© Nexus Ambulance Group Ltd. All rights reserved.

_{Whistleblowing Policy}

Nexus Network Group Limited

_{1. Purpose, Status and Policy Intent}

Nexus Network Group Limited (“the Company”) is committed to conducting its activities with integrity, transparency, and accountability. This Whistleblowing Policy establishes the framework through which individuals are encouraged and enabled to raise concerns about wrongdoing, misconduct, or unsafe practices in a responsible and protected manner.

The purpose of this Policy is to provide a clear mechanism for reporting serious concerns, to ensure that such concerns are addressed appropriately, and to protect individuals who raise concerns in good faith from retaliation or detriment.

This Policy is issued in accordance with the Public Interest Disclosure Act 1998 and relevant UK governance standards. It forms part of the Company’s governance framework and applies alongside other conduct, safeguarding, and complaints policies.

_{2. Scope and Application}

This Policy applies to all individuals who engage with, represent, or act on behalf of Nexus Network Group Limited in any capacity.

This includes, without limitation, Directors, Members, Executive Officers, employees, workers, volunteers, contractors, moderators, administrators, role-holders with delegated authority, and service providers.

This Policy applies regardless of whether the individual raising a concern is currently engaged with the Company or has ceased involvement, provided the concern relates to matters arising during their involvement.

_{3. What Is Whistleblowing}

Whistleblowing refers to the disclosure of information which an individual reasonably believes shows wrongdoing, malpractice, or risk in the public interest.

Concerns that may fall within the scope of this Policy include, but are not limited to, criminal activity, fraud, theft, or financial mismanagement; safeguarding failures or risks to children or vulnerable persons; breaches of legal or regulatory obligations; serious breaches of Company policies or governance requirements; health and safety risks; abuse of authority; corruption; conflicts of interest; misuse or misappropriation of Company assets; data protection or information security failures; and deliberate concealment of any of the above.

This Policy is not intended to replace routine grievance, disciplinary, or complaints procedures where those are more appropriate. However, where an individual reasonably believes that an issue is serious, systemic, or cannot be addressed through normal channels, this Policy applies.

_{4. Principles Governing Whistleblowing}

Nexus Network Group Limited is committed to ensuring that individuals who raise concerns in good faith are treated fairly and protected.

The Company encourages a culture in which concerns can be raised without fear. All disclosures will be taken seriously, assessed objectively, and handled proportionately.

Concerns may be raised even where proof is not available, provided the disclosure is made honestly and with a reasonable belief that the information disclosed is true.

Malicious, knowingly false, or bad-faith disclosures are not protected under this Policy and may result in action being taken.

_{5. Protection Against Detriment and Retaliation}

No individual who raises a concern in good faith under this Policy shall be subjected to retaliation, victimisation, harassment, discrimination, or any other form of detriment as a result of doing so.

Any retaliation against a whistleblower will itself be treated as a serious breach of Company policy and may result in disciplinary action, removal from role, or other appropriate measures.

Protection under this Policy applies regardless of whether the concern is ultimately substantiated, provided it was raised honestly and in good faith.

_{6. Confidentiality and Anonymity}

The Company will take all reasonable steps to protect the confidentiality of individuals who raise concerns under this Policy.

Disclosures will be handled sensitively, and information will be shared only where necessary to investigate the concern, comply with legal obligations, or protect individuals from harm.

Anonymous disclosures will be accepted and considered. However, individuals are encouraged to provide contact details where possible, as anonymity may limit the Company’s ability to investigate fully or provide feedback.

_{7. How to Raise a Whistleblowing Concern}

Concerns may be raised through appropriate internal governance channels. Individuals are encouraged, where possible, to raise concerns with a member of the Executive Leadership Team or another senior role-holder independent of the issue being reported.

Where a concern involves senior leadership, safeguarding matters, or where the individual reasonably believes that internal reporting is inappropriate or unsafe, the concern may be escalated directly to an appropriate external authority.

Concerns should be raised as soon as reasonably practicable and should include sufficient detail to allow the matter to be assessed, including relevant facts, dates, and context.

_{8. Assessment, Investigation and Response}

All whistleblowing disclosures will be assessed promptly to determine the appropriate course of action.

Where appropriate, an investigation will be undertaken in a proportionate, impartial, and confidential manner. Investigations may be conducted internally or with external assistance where necessary.

The Company will take appropriate corrective action where wrongdoing is identified. This may include governance action, disciplinary measures, safeguarding escalation, policy changes, or referral to external authorities.

While confidentiality constraints may limit the level of detail shared, the Company will endeavour to provide feedback to the whistleblower where practicable.

_{9. External Reporting}

Nothing in this Policy prevents individuals from making disclosures to prescribed external bodies in accordance with the Public Interest Disclosure Act 1998, including regulatory authorities, safeguarding agencies, or law enforcement, where appropriate.

The Company encourages internal reporting in the first instance where it is safe and reasonable to do so but recognises that this may not always be appropriate.

_{10. Interaction With Other Policies}

This Policy operates alongside the Company’s Safeguarding & Child Protection Policy, Equality, Diversity & Inclusion Policy, Code of Conduct, Complaints Procedure, Disciplinary Framework, and Data Protection and Privacy policies.

Where overlap exists, the most protective and appropriate procedure shall apply.

_{11. Governance, Oversight and Review}

The Executive Leadership Team of Nexus Network Group Limited holds responsibility for oversight of this Policy and for ensuring that whistleblowing concerns are handled appropriately.

This Policy will be reviewed periodically to ensure continued compliance with legislation, regulatory guidance, and best practice. It may be updated where necessary to reflect organisational or legal change.

_{12. Policy Status and Document Control}

This document is the Whistleblowing Policy of Nexus Network Group Limited. It is approved and adopted by the Executive Leadership Team and is binding across the organisation.

Organisation: Nexus Network Group Limited
Policy Title: Whistleblowing Policy
Version: 1.0
Status: Approved and Active
Approval Date: January 2026
Review Cycle: Annual or upon legislative change

© Nexus Network Group Limited. All rights reserved.

_{WHISTLEBLOWING POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual or upon legislative change

_{1. Purpose, Status and Policy Intent}

Nexus Ambulance Group Ltd (“the Company”) is committed to operating with integrity, transparency, accountability, and lawful governance. This Whistleblowing Policy establishes the framework through which individuals are encouraged and enabled to raise concerns about wrongdoing, misconduct, regulatory breach, or unsafe practices in a protected and responsible manner.

The purpose of this Policy is to:

• Provide a clear mechanism for reporting serious concerns

• Ensure concerns are assessed and addressed appropriately

• Protect individuals who raise concerns in good faith from detriment or retaliation

This Policy is issued in accordance with the Public Interest Disclosure Act 1998 (PIDA) and relevant UK governance and healthcare regulatory standards. It forms part of the Company’s governance framework and operates alongside safeguarding, conduct, disciplinary, and complaints procedures.

_{2. Scope and Application}

This Policy applies to all individuals who engage with, represent, or act on behalf of Nexus Ambulance Group Ltd in any capacity, including:

• Directors and Executive Officers

• Employees and workers

• Volunteers

• Contractors and agency personnel

• Students and trainees

• Former staff or representatives (where concerns relate to their period of involvement)

The Policy applies regardless of employment status and extends to concerns arising during or after engagement, provided they relate to Company activities.

_{3. What Constitutes Whistleblowing}

Whistleblowing refers to the disclosure of information that an individual reasonably believes shows wrongdoing or risk in the public interest.

Concerns that may fall within the scope of this Policy include, but are not limited to:

• Criminal activity, fraud, theft, or financial mismanagement

• Safeguarding failures or risks to children or adults at risk

• Serious breaches of clinical standards

• Breaches of legal or regulatory obligations

• Health and safety risks

• Abuse of authority or conflicts of interest

• Corruption or unethical conduct

• Misuse or misappropriation of Company assets

• Data protection or information security breaches

• Deliberate concealment of any of the above

This Policy is not intended to replace routine grievance or employment dispute procedures unless the concern involves serious wrongdoing or systemic risk.

_{4. Governing Principles}

Nexus Ambulance Group Ltd is committed to fostering a culture where individuals feel safe to speak up.

Disclosures made in good faith will be:

• Taken seriously

• Assessed objectively

• Investigated proportionately

• Treated confidentially so far as lawful and practicable

Concerns may be raised even where proof is not available, provided there is a reasonable belief that the information disclosed is true and in the public interest.

Knowingly false, malicious, or bad-faith disclosures are not protected and may result in disciplinary action.

_{5. Protection Against Detriment}

No individual who raises a concern in good faith under this Policy shall suffer:

• Dismissal

• Demotion

• Harassment

• Victimisation

• Discrimination

• Threats or intimidation

• Any other form of detriment

Retaliation against a whistleblower constitutes serious misconduct and may result in disciplinary action, removal from role, or termination of engagement.

Protection applies whether or not the concern is ultimately substantiated, provided it was raised honestly and with reasonable belief.

_{6. Confidentiality and Anonymity}

The Company will take reasonable steps to protect the identity of individuals who raise concerns.

Information will be shared only where necessary for investigation, safeguarding, regulatory compliance, or legal obligations.

Anonymous disclosures will be accepted and assessed. However, anonymity may limit the ability to investigate fully or provide feedback.

_{7. How to Raise a Concern}

Concerns should be raised as soon as reasonably practicable and should include:

• The nature of the concern

• Relevant dates and details

• Names of individuals involved (if known)

• Supporting information where available

Concerns may be reported to:

• A member of the Executive Leadership Team

• The Designated Safeguarding Lead (for safeguarding concerns)

• A senior manager independent of the issue

Where a concern involves senior leadership, or where the individual reasonably believes internal reporting is inappropriate or unsafe, the concern may be reported directly to an appropriate external authority.

_{8. Assessment and Investigation}

All whistleblowing disclosures will be assessed promptly to determine the appropriate course of action.

Investigations will be:

• Proportionate

• Impartial

• Confidential

• Conducted by appropriate personnel

Where necessary, external advisors or regulators may be engaged.

If wrongdoing is identified, corrective action may include:

• Disciplinary action

• Governance review

• Safeguarding referral

• Policy amendment

• Regulatory notification

• Referral to law enforcement

Feedback will be provided to the whistleblower where practicable, subject to confidentiality constraints.

_{9. External Reporting}

Nothing in this Policy prevents individuals from making disclosures to prescribed external bodies under the Public Interest Disclosure Act 1998.

This may include:

• The Care Quality Commission (CQC)

• The Health and Safety Executive (HSE)

• The Information Commissioner’s Office (ICO)

• Professional regulators (e.g., HCPC, NMC)

• Local Authority Safeguarding Teams

• Law enforcement

Internal reporting is encouraged where safe and reasonable, but external disclosure is recognised as a lawful option.

_{10. Interaction With Other Policies}

This Policy operates alongside:

• Integrated Safeguarding Policy

• Equality, Diversity & Inclusion Policy

• Code of Conduct

• Disciplinary Policy

• Complaints Procedure

• Data Protection & Privacy Policy

Where overlap exists, the most appropriate and protective procedure shall apply.

_{11. Governance and Oversight}

The Executive Leadership Team of Nexus Ambulance Group Ltd holds ultimate responsibility for oversight of this Policy.

Whistleblowing matters will be monitored as part of corporate governance and risk management processes.

The Policy will be reviewed annually or sooner if legislative, regulatory, or organisational changes require revision.

_{12. Document Control}

Organisation: Nexus Ambulance Group Ltd
Policy Title: Whistleblowing Policy
Version: 1.0
Status: Approved and Active
Approval Date: January 2026
Next Review: January 2027

© Nexus Ambulance Group Ltd. All rights reserved.

_{ACCEPTABLE USE POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual or as required

_{1. Purpose, Authority and Status}

This Acceptable Use Policy (“the Policy”) establishes the mandatory standards governing the use of systems, equipment, communication platforms, digital infrastructure, vehicles, facilities, and other organisational resources owned, leased, managed, or controlled by Nexus Ambulance Group Ltd (“the Company”).

The purpose of this Policy is to ensure that all Company-managed systems and environments are used lawfully, securely, professionally, and in a manner consistent with healthcare governance, patient safety, safeguarding responsibilities, data protection law, and regulatory standards.

This Policy forms part of the Company’s governance framework and operates alongside the Code of Conduct, Integrated Safeguarding Policy, Equality, Diversity & Inclusion Policy, Whistleblowing Policy, Data Protection & Privacy Policy, Health & Safety Policy, and Asset Protection Policy.

Compliance with this Policy is a condition of employment, engagement, or access. No individual has an entitlement to use Company systems or assets other than in accordance with this Policy.

_{2. Scope and Application}

This Policy applies to all individuals who access or use Company systems or resources in any capacity, including:

• Directors and Executive Officers

• Employees and workers

• Volunteers

• Contractors and agency personnel

• Students and trainees

It applies to all organisational environments, including:

• Ambulance vehicles

• Clinical and patient transport settings

• IT systems and electronic health records

• Email, messaging, and communication systems

• Telephony and radio systems

• Cloud-based systems and databases

• Company-issued devices

• On-premises infrastructure

This Policy applies regardless of geographic location and whether access is permanent, temporary, or remote.

Use of Company systems constitutes acceptance of this Policy by conduct.

_{3. General Standard of Conduct}

All users must use Company systems and assets lawfully, responsibly, and professionally.

Use must:

• Support operational delivery

• Protect patient confidentiality

• Maintain system security

• Comply with data protection law

• Uphold safeguarding standards

• Protect organisational integrity

Conduct that is careless, reckless, malicious, disruptive, unlawful, or incompatible with safe healthcare delivery is prohibited.

_{4. Prohibited Conduct}

Users must not:

• Access, alter, or disclose confidential information without authorisation

• Use Company systems for unlawful activity

• Engage in harassment, discriminatory behaviour, or inappropriate communication

• Access or distribute offensive, extremist, or sexually explicit material

• Circumvent security controls or attempt unauthorised system access

• Install unauthorised software or applications

• Introduce malware or unsafe digital content

• Use Company resources for personal commercial activity

• Misrepresent identity, role, or authority

• Share login credentials or bypass authentication controls

Misuse of patient data or clinical systems constitutes serious misconduct and may result in regulatory or criminal consequences.

_{5. Safeguarding and Professional Boundaries}

Company communication systems must not be used to initiate or maintain inappropriate contact with patients, children, or adults at risk.

Private communication with patients outside authorised channels is prohibited unless clinically necessary and formally documented.

Any safeguarding concern arising from system use must be reported immediately in accordance with the Integrated Safeguarding Policy.

_{6. Acceptable IT and Systems Use}

Company IT systems are provided for legitimate business and operational purposes.

Limited personal use may be permitted where:

• It is incidental

• It does not interfere with duties

• It does not breach security

• It does not violate law or policy

The Company reserves the right to monitor system usage in accordance with data protection law and legitimate organisational interests.

Users must:

• Protect passwords and authentication credentials

• Lock devices when unattended

• Report lost or stolen equipment immediately

• Report suspected security breaches without delay

_{7. Social Media and Public Communications}

No individual may represent themselves as speaking on behalf of Nexus Ambulance Group Ltd unless formally authorised.

Users must not disclose confidential information, patient information, operational details, or internal governance matters on social media or public platforms.

Personal use of social media must not:

• Damage the reputation of the Company

• Undermine public trust

• Breach confidentiality

• Conflict with professional standards

_{8. Non-Commercial Use of Organisational Resources}

Company systems and assets must not be used for personal financial gain, private business promotion, unauthorised fundraising, or commercial advertising.

Any use of Company resources for external financial benefit without written authorisation constitutes serious misconduct.

_{9. Reporting Concerns}

Users must report:

• Security incidents

• Data breaches

• Safeguarding concerns

• Misuse of systems

• Suspected policy breaches

Reports should be made through line management, the Data Protection Officer, the Safeguarding Lead, or via the Whistleblowing Policy where appropriate.

Reports made in good faith are protected.

_{10. Enforcement and Consequences}

The Company reserves full discretion to assess breaches and determine appropriate action.

Enforcement measures may include:

• Informal guidance

• Formal warnings

• Restriction of access

• Disciplinary action

• Termination of employment or engagement

• Referral to regulators or law enforcement

Access to Company systems is a privilege, not a right.

Immediate action may be taken where necessary to protect patients, systems, or organisational integrity.

_{11. Monitoring and Compliance}

System use may be monitored for:

• Security purposes

• Regulatory compliance

• Clinical governance

• Risk management

Monitoring will be proportionate, lawful, and compliant with UK GDPR and data protection legislation.

_{12. Policy Review and Status}

This Policy will be reviewed annually or sooner if required by legislative, regulatory, technological, or operational changes.

Continued access to Company systems following policy updates constitutes acceptance of the revised Policy.

_{13. Document Control}

Organisation: Nexus Ambulance Group Ltd

Policy Title: Acceptable Use Policy

Version: 1.0

Status: Approved and Active

Approval Date: January 2026

Next Review: January 2027

© Nexus Ambulance Group Ltd. All rights reserved.

_{COMPLAINTS & GRIEVANCE POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual or upon legislative change

Nexus Ambulance Group Ltd (“the Company”) is committed to delivering safe, effective, and lawful healthcare services and to maintaining high standards of fairness, transparency, accountability, and governance. This Complaints & Grievance Policy establishes the formal framework through which concerns, complaints, or grievances relating to the Company’s services, conduct, or operations may be raised, considered, and addressed in a proportionate and structured manner.

The purpose of this Policy is to provide a clear and accessible mechanism for individuals to express dissatisfaction, to ensure that concerns are assessed objectively and responded to appropriately, and to support learning and service improvement where necessary. This Policy does not create contractual rights beyond those required by law but reflects the Company’s commitment to good governance and regulatory compliance.

This Policy applies to complaints raised by patients, service users, carers, family members, members of the public, employees, volunteers, contractors, or former service users or representatives where the matter complained of relates to activities undertaken by or on behalf of Nexus Ambulance Group Ltd. The Policy applies only to matters within the reasonable responsibility, control, or influence of the Company, including clinical care, patient transport services, staff conduct, operational decisions, communication, and administrative processes. Matters wholly outside the Company’s remit will not be investigated under this Policy but may be signposted appropriately.

A complaint under this Policy is any expression of dissatisfaction about the Company’s actions, omissions, decisions, or service delivery where a response, explanation, or review is sought. This Policy does not replace safeguarding procedures, whistleblowing processes, statutory data protection rights, employment grievance procedures, or regulatory complaint mechanisms. Where overlap exists, the Company will determine the appropriate pathway and may redirect the matter accordingly.

Complaints will be handled fairly, impartially, proportionately, and in accordance with legal and regulatory obligations. The process is not adversarial and does not constitute legal proceedings. The Company will balance the interests of the complainant with safeguarding duties, patient confidentiality, data protection requirements, and the rights of staff and third parties. Complaints must be raised in good faith and should be submitted as soon as reasonably practicable after the event giving rise to concern. A complaint should include sufficient information to allow meaningful assessment, including a clear description of the issue, relevant dates and context, individuals involved where known, the impact of the issue, and the desired resolution if applicable.

Where appropriate and proportionate, concerns may be resolved informally through explanation, clarification, apology, or immediate corrective action. Informal resolution is not suitable in all cases, particularly where allegations are serious, involve safeguarding risk, regulatory breach, or significant harm. The Company retains discretion to determine the appropriate handling approach.

Upon receipt of a complaint, the Company will acknowledge it and conduct an initial assessment to determine whether it falls within scope and whether investigation is warranted. The Company may dismiss, decline, or limit consideration of complaints that are outside scope, anonymous without sufficient detail, vexatious, abusive, malicious, repetitious without new evidence, or excessively delayed without reasonable explanation.

Where an investigation is undertaken, it will be proportionate to the seriousness and complexity of the matter. The Company may review clinical records, documentation, communications, and policies; seek explanations from relevant individuals; and obtain external or professional advice where appropriate. The Company is not obliged to disclose confidential information, personal data relating to third parties, safeguarding material, internal governance deliberations, or legal advice except where required by law.

Following assessment or investigation, the Company will determine an outcome in accordance with its governance responsibilities. Outcomes may include explanation, clarification, apology where appropriate, corrective or remedial action, service improvement measures, staff training, disciplinary action where applicable, referral under another policy, or a determination that no further action is required. The Company does not guarantee any particular outcome. Where practicable and lawful, a written response outlining findings and conclusions will be provided.

The Company’s decision represents its final position on the matter unless a clear and material procedural error is demonstrated or significant new evidence emerges that could not reasonably have been provided earlier. A further review may be permitted at the Company’s discretion. Mere disagreement with the outcome does not constitute grounds for reconsideration. Nothing in this Policy restricts an individual’s right to escalate concerns to relevant external bodies where appropriate.

Individuals who raise complaints in good faith will not be subjected to retaliation, victimisation, or detriment as a result of doing so. This protection does not extend to complaints made dishonestly, maliciously, or abusively. Retaliatory conduct by any individual may result in disciplinary action.

Complaints will be handled sensitively and in accordance with applicable data protection legislation. Information will be shared only where necessary to assess or investigate the complaint, to comply with legal obligations, to safeguard individuals, or to protect the Company’s legitimate interests.

This Policy operates alongside the Integrated Safeguarding Policy, Whistleblowing Policy, Equality, Diversity & Inclusion Policy, Code of Conduct, Disciplinary Policy, Health & Safety Policy, and Privacy Policy. Where overlap exists, the most appropriate or highest applicable standard will apply.

Oversight of this Policy rests with the Executive Leadership Team of Nexus Ambulance Group Ltd. Complaints data may be reviewed periodically to identify trends, risks, and opportunities for service improvement. This Policy will be reviewed annually or sooner where legislative, regulatory, or operational changes require amendment.

Organisation: Nexus Ambulance Group Ltd
Policy Title: Complaints & Grievance Policy
Status: Approved and Active

© Nexus Ambulance Group Ltd. All rights reserved.

_{PROFESSIONAL CONDUCT & DISCIPLINARY ENFORCEMENT POLICY}

_{NEXUS AMBULANCE GROUP LTD}

Version: 1.0
Effective Date: January 2026
Review Cycle: Annual or upon legislative change

Nexus Ambulance Group Ltd (“the Company”) is committed to maintaining the highest standards of professional conduct, clinical integrity, safeguarding, and lawful governance. This Professional Conduct & Disciplinary Enforcement Policy establishes the framework through which behaviour, performance, and compliance with Company standards are assessed and enforced. The purpose of this Policy is to protect patients, staff, volunteers, the public, and organisational integrity while ensuring that concerns are addressed proportionately, fairly, and in accordance with applicable law.

This Policy applies to all individuals acting for or on behalf of Nexus Ambulance Group Ltd in any capacity, including Directors, Executive Officers, employees, volunteers, contractors, agency personnel, students, and trainees. Compliance with this Policy is a condition of employment, engagement, or access to Company facilities, systems, or operational environments. Nothing in this Policy creates contractual rights beyond those required by law; however, the Company will apply its processes consistently and in good faith.

All individuals are expected to uphold professional standards consistent with healthcare practice, patient safety, safeguarding obligations, equality and diversity principles, data protection law, and the Company’s Code of Conduct. Conduct must be lawful, ethical, respectful, and aligned with clinical and operational standards. Behaviour that compromises patient safety, breaches confidentiality, undermines safeguarding, damages public trust, misuses organisational assets, or conflicts with statutory or regulatory requirements may constitute misconduct.

Misconduct may include, but is not limited to, failure to follow clinical protocols; unsafe practice; breach of patient confidentiality; inappropriate relationships with patients; safeguarding failures; discrimination or harassment; dishonesty; falsification of records; misuse of Company systems or equipment; unauthorised disclosure of information; insubordination; substance misuse during duty; criminal conduct; or behaviour likely to bring the Company into disrepute. Serious misconduct, including gross misconduct, may result in summary dismissal or immediate termination of engagement where lawful.

Disciplinary action is a governance function exercised to protect safety, wellbeing, regulatory compliance, and organisational integrity. The Company retains discretion to determine whether conduct warrants informal management action, formal disciplinary proceedings, suspension, or immediate protective measures. The absence of previous enforcement does not create entitlement to leniency, nor does past tolerance constitute waiver of the Company’s right to act.

Where concerns arise, they will be assessed promptly. The Company may review records, statements, system logs, clinical documentation, or other relevant material and may seek professional or external advice where appropriate. Investigations will be proportionate to the seriousness of the matter and conducted impartially. Individuals subject to formal disciplinary investigation will normally be informed of the allegations and given an opportunity to respond, unless immediate action is required for safeguarding, patient safety, or regulatory reasons.

The Company may implement precautionary suspension or restriction of duties where necessary to protect patients, staff, evidence, or operational integrity. Such measures are neutral acts and do not imply predetermined outcome. Where safeguarding concerns arise, safeguarding considerations take precedence and may require immediate protective action, referral to statutory authorities, or notification to professional regulators. The Company is not required to disclose confidential safeguarding or third-party information beyond what is lawful and proportionate.

Disciplinary outcomes may include informal guidance, additional training, written warnings, final written warnings, reassignment of duties, restriction of access, demotion where lawful, termination of employment or engagement, referral to professional regulators, or referral to law enforcement. The Company does not guarantee a graduated approach in cases of serious misconduct and may proceed directly to dismissal or termination where justified.

Individuals have the right to raise procedural concerns under the Company’s Complaints & Grievance Policy. A limited review may be considered where a material procedural error or significant new evidence is demonstrated. Disagreement with the outcome alone does not invalidate disciplinary action.

Retaliation against any individual who raises concerns in good faith under the Whistleblowing Policy, participates in safeguarding reporting, or cooperates with investigations is strictly prohibited and may itself constitute serious misconduct.

All disciplinary matters will be handled sensitively and in accordance with data protection law. Information will be shared only where necessary to investigate, safeguard individuals, comply with legal obligations, or protect legitimate organisational interests.

Oversight of professional conduct and disciplinary governance rests with the Executive Leadership Team of Nexus Ambulance Group Ltd. The Company will periodically review disciplinary data to identify trends, risks, and opportunities for improvement in training, supervision, and governance.

This Policy may be amended at any time to reflect changes in law, regulatory guidance, clinical standards, or operational requirements. Continued employment or engagement constitutes acceptance of the current version of this Policy.

Organisation: Nexus Ambulance Group Ltd
Policy Title: Professional Conduct & Disciplinary Enforcement Policy
Status: Approved and Active

© Nexus Ambulance Group Ltd. All rights reserved.

WEBSITE TERMS OF USE

Nexus Ambulance Group Ltd
Last Updated: January 2026

These Website Terms of Use (“Terms”) constitute a legally binding agreement between you (“you” or “user”) and Nexus Ambulance Group Ltd (“the Company”, “we”, “us”, or “our”).

By accessing, viewing, browsing, loading, interacting with, or otherwise using this website in any manner, you confirm that you have read, understood, and agree to be bound by these Terms in full. If you do not agree, you must immediately cease using the website.

Nexus Ambulance Group Ltd is a private limited company incorporated in Scotland under company number SC866185. Its registered office is 24 French Street, Glasgow, Strathclyde, Scotland, G40 4EH.

For the purposes of these Terms, “Website” includes all domains, subdomains, pages, portals, interfaces, systems, infrastructure, and digital services operated by or on behalf of the Company. “Content” includes all text, graphics, branding, logos, documents, data, media, design, and code made available through the Website.

The Website is provided for lawful informational and operational purposes relating to the Company’s activities. You may access and view publicly available content for personal, lawful, and non-commercial purposes only. You must not attempt to gain unauthorised access to systems or data, interfere with security measures, introduce malicious material, reverse engineer infrastructure, scrape or harvest data without permission, deploy automated tools beyond standard search engine indexing, misrepresent your identity, or use the Website in any way that could damage, disrupt, or impair its operation.

All intellectual property rights in the Website and its Content are owned by or licensed to Nexus Ambulance Group Ltd and are protected under applicable intellectual property law. No licence or right is granted except for ordinary personal viewing.

Unauthorised reproduction, modification, distribution, or commercial exploitation is prohibited and may result in legal action.

The Company may monitor and log Website activity for security, fraud prevention, and compliance purposes in accordance with UK data protection law. Personal data is processed in line with the UK General Data Protection Regulation, the Data Protection Act 2018, and the Company’s Privacy Policy.

The Website is provided “as is” and “as available.” To the fullest extent permitted by law, the Company excludes liability for indirect or consequential loss arising from use of the Website. Nothing in these Terms excludes liability where exclusion is not permitted by law, including liability for death or personal injury caused by negligence or for fraud.

The Company may amend these Terms at any time. Continued use of the Website following publication of amended Terms constitutes acceptance of the revised version.

These Terms are governed by the law of Scotland, and the Scottish courts have exclusive jurisdiction over any dispute arising in connection with the Website.

By continuing to use this Website, you acknowledge and agree to these Terms in full.

© Nexus Ambulance Group Ltd. All rights reserved.

_{COOKIE, TRACKING AND ADVERTISING POLICY}

Nexus Ambulance Group Ltd
Last Updated: January 2026

Nexus Ambulance Group Ltd (“the Company”) confirms that its website operates without the use of cookies, tracking technologies, or advertising systems.

The Company does not deploy or permit first-party or third-party cookies, whether session-based or persistent. No tracking cookies, analytics cookies, marketing cookies, advertising cookies, preference cookies, or similar technologies are used. The Company does not place files, identifiers, scripts, or storage mechanisms on users’ devices for identification, recognition, behavioural analysis, or persistence between visits.

The Company does not track users. No behavioural profiling, usage analytics, performance monitoring, heatmapping, session replay, fingerprinting, or user analytics platforms are implemented. The Company does not collect or analyse browsing patterns, engagement data, navigation paths, or interaction metrics for analytics or monitoring purposes.

The Company does not operate advertising of any kind. No banner advertisements, sponsored content, promotional placements, affiliate links, or targeted advertising mechanisms are displayed. The Company does not sell advertising space, participate in advertising networks, or allow third parties to serve advertisements through its website. No personal data is processed for marketing or advertising purposes.

The website is engineered to function without client-side cookies or persistent storage. Limited server-side technical logs (such as IP addresses and timestamps) may be processed strictly for security, system integrity, and lawful operational purposes. Such processing does not involve tracking, profiling, or advertising and is retained only as long as necessary for security and compliance.

The Company does not intentionally embed third-party content that deploys cookies or tracking technologies. Where users navigate to external websites via links, those sites operate independently and are governed by their own policies. The Company accepts no responsibility for third-party practices.

This Policy is compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). As no cookies or tracking technologies are used, no consent banner or cookie management mechanism is required.

This Policy represents the authoritative position of Nexus Ambulance Group Ltd on cookies, tracking, and advertising and remains in force unless formally amended.

For enquiries regarding this Policy, please contact:

Data Protection Officer (DPO)
Nexus Network Group Limited (Parent Company & Data Protection Controller)
📧 dpo@nexusambulance.co.uk

Concerns may also be raised with the Information Commissioner’s Office (ICO).

© Nexus Ambulance Group Ltd. All rights reserved.

_{RISK MANAGEMENT POLICY}

Nexus Ambulance Group Ltd
Version 1.0 – January 2026

_{Policy Statement}

This document constitutes the formal Risk Management Policy of Nexus Ambulance Group Ltd (“the Company”). It establishes the framework through which the Company identifies, assesses, manages, monitors, and reviews risks arising from its clinical services, operational activity, governance responsibilities, and strategic objectives.

The Company recognises that risk is inherent in healthcare operations. Effective risk management is essential to patient safety, safeguarding, regulatory compliance, organisational resilience, and the protection of staff, volunteers, service users, and the public.

Risk management is embedded into governance oversight, clinical practice, operational planning, and leadership decision-making.

This Policy forms part of the Company’s wider governance framework and operates alongside related policies, including Safeguarding, Health & Safety, Data Protection, Incident Management, Professional Conduct, and Clinical Governance policies.

_Scope

This Policy applies to all Directors, Executive Leaders, employees, volunteers, contractors, agency personnel, and any individual acting on behalf of Nexus Ambulance Group Ltd.

It applies across all Company activities, including clinical service delivery, patient transport operations, safeguarding functions, data processing, workforce management, asset control, and regulatory compliance.

_{Risk Management Framework}

Risk management within the Company is continuous and proportionate. Risks are identified through strategic review, operational oversight, incident and near-miss reporting, complaints, audits, safeguarding concerns, regulatory updates, and professional judgement.

Each identified risk is assessed by considering its likelihood and potential impact. Impact assessment includes potential harm to patients or vulnerable persons, legal or regulatory consequences, operational disruption, financial loss, and reputational damage.

All significant risks are recorded within a central Risk Register. Each risk is clearly described, assigned a risk rating, and allocated to a named risk owner responsible for oversight and mitigation. High or critical risks are subject to enhanced executive review.

Mitigation measures may include policy development, clinical protocol revision, training, supervision, system controls, operational adjustments, or escalation to senior leadership. Risks relating to patient safety, safeguarding, legal compliance, or data protection are prioritised and subject to heightened scrutiny. Acceptance of risk must be documented and approved at the appropriate level of authority.

_{Roles and Responsibilities}

Overall accountability for risk management rests with the Board and Executive Leadership Team. They are responsible for ensuring that risk management arrangements are effective, proportionate, and aligned with statutory and regulatory obligations.

A designated senior lead for Corporate Risk Management oversees the operational framework, maintains the Risk Register, coordinates risk assessment activity, and escalates material or emerging risks to leadership.

Directors and managers are responsible for identifying and managing risks within their areas of authority. All staff and volunteers have a personal responsibility to remain vigilant to risk and to report incidents, concerns, or weaknesses in control measures without delay.

_{Incident Reporting and Escalation}

Where a risk materialises, or where an incident or near-miss occurs, it must be reported promptly in accordance with Company procedures. Serious incidents, safeguarding concerns, or notifiable data breaches must be escalated immediately to senior leadership and reported to relevant authorities where required by law.

Lessons learned from incidents and reviews are used to strengthen controls and improve organisational resilience.

_{Monitoring and Review}

Risk management is an ongoing process. The Risk Register is reviewed regularly, and this Policy is formally reviewed at least annually or sooner if required by legislative change, regulatory development, organisational restructuring, or following a significant incident.

Failure to comply with this Policy or to discharge risk management responsibilities may result in disciplinary action in accordance with Company procedures.

Organisation: Nexus Ambulance Group Ltd
Policy Title: Risk Management Policy
Status: Approved and Active
Review Cycle: Annual

© Nexus Ambulance Group Ltd. All rights reserved.

_{SPONSORSHIPS AND PARTNERSHIPS POLICY}

Nexus Ambulance Group Ltd
Version 1.0 – January 2026

_{Policy Statement}

This document constitutes the formal Sponsorships and Partnerships Policy of Nexus Ambulance Group Ltd (“the Company”). It establishes the framework governing the consideration, approval, management, monitoring, and termination of all sponsorships and partnerships entered into by the Company.

The Company adopts a precautionary and governance-led approach to external relationships. Sponsorships and partnerships must not compromise patient safety, safeguarding responsibilities, regulatory compliance, operational independence, or public trust. This Policy forms part of the Company’s governance framework and operates alongside the Risk Management, Safeguarding, Data Protection, Equality, and Professional Conduct policies.

_Scope

This Policy applies to all Directors, Executive Leaders, employees, volunteers, contractors, and any individual acting on behalf of Nexus Ambulance Group Ltd.

It applies to all forms of sponsorship and partnership, including financial sponsorship, in-kind contributions, brand associations, collaborations, affiliations, joint initiatives, data-sharing arrangements, and any agreement in which an external organisation is associated with the Company’s name, services, or activities.

No individual may negotiate, imply, represent, or announce a sponsorship or partnership without proper authority under this Policy.

_{Approval and Due Diligence}

All proposed sponsorships and partnerships must undergo documented due diligence and risk assessment prior to approval. This includes verification of the external party’s legal status, governance structure, reputation, safeguarding standards, equality commitments, data protection compliance, and financial integrity.

Any arrangement involving financial consideration, brand association, public representation, shared platforms, or reputational exposure requires formal approval by the Executive Leadership Team. Arrangements assessed as high-risk or strategically significant require Board-level approval.

All approved sponsorships and partnerships must be governed by a written agreement clearly defining scope, responsibilities, branding permissions, confidentiality and data protection obligations, review arrangements, and termination rights.

No arrangement may restrict the Company’s governance authority, clinical independence, safeguarding obligations, or regulatory compliance.

_{Monitoring and Termination}

All sponsorships and partnerships shall be subject to ongoing monitoring to ensure continued compliance with Company standards and alignment with organisational objectives.

The Company reserves the right to suspend or terminate any sponsorship or partnership where risks increase, obligations are breached, reputational harm arises, or continuation is no longer considered to be in the best interests of the Company or those it serves.

Failure to comply with this Policy may result in disciplinary action or termination of agreements in accordance with Company governance procedures.

Organisation: Nexus Ambulance Group Ltd
Policy Title: Sponsorships and Partnerships Policy
Status: Approved and Active
Review Cycle: Annual

© Nexus Ambulance Group Ltd. All rights reserved.