
This privacy policy explains your rights and gives you the information to which you are entitled under the Data Protection Act 2018 and UK General Data Protection Regulation. Download an easy read version of our adult and children’s privacy policy PDF, 1 MB).
Cornwall Partnership NHS Foundation Trust provide a range of mental and physical health services to children and adults across Cornwall and the Isles of Scilly.
Through-out the pandemic period the health and care sector, including Cornwall Partnership NHS Foundation Trust processed information at a pace and on a scale not previously seen. We did this to ensure patient safety and protect life during unprecedented times.
In order for us to share and use information for purposes related to COVID-19, the Secretary of State for Health and Social Care issued a Control of Patient Information Regulations 2002 notice. This specifically enabled the health and care sector to share personal data to manage and mitigate the spread and impact of the current outbreak of COVID-19, which can be accessed. The notice was in place till the end of June 2022 and we no longer process data in this way.
We process personal information about you so that we can continue to provide an enhanced level of service to the public for health services. High standards in handling personal information are of the upmost importance to us, because they help us to maintain confidence from our customers, suppliers, partners and the wider UK public.
When we handle your information, we undertake to:
We additionally undertake to:
We process information to enable us to:
We also process information to include administration of health and social care services, management and administration of land, property and residential property and undertake research.
We operate a CCTV system on our premises for the prevention of crime and the safety and security of our staff and premises.
Paragraph 7 of Chapter 2 to the Data Protection Act 2018 provides that, as an organisation mandated by the UK government, Cornwall Partnership NHS Foundation Trust may process personal data as necessary for the effective performance of a task carried out in the public interest.
Should this provision not apply we will always identify the lawful basis on which your personal information is processed as defined by Article 6 and 9 of the UK GDPR.
We process information about our:
As a data controller of your personal data, we may, where necessary, and in line with data protection legislation, need to share this (and our data processors may also share information) with other organisations.
Please note the data shared will be dependent on the type of service used within the Trust. The below provides examples of types of organisations where we may, if necessary, share your data.
Type of organisation | Reason for sharing |
---|---|
Employment and recruitment agencies |
To obtain an employment reference for recruitment purposes. |
Current and past employers |
To verify your employment history for recruitment purposes. |
Suppliers and service providers |
To support the services we provide to the public. |
Internal audit and other auditors as required |
To support regular audit activities and maintain scrutiny over public authority decision-making and activities. |
Health and care organisations |
To support your health and wellbeing and better inform care for you. |
Other statutory law enforcement agencies |
To assist in any legal or fraudulent activity. |
Survey and research organisations |
To share your information for research purposes where you have consented to be part of a study. |
Government regulators |
To support organisational audit and investigations such as the Information Commissioner's Office. |
The police |
To assist with police enquiries in line with relevant legislation. |
Home Office | To support payments and charging for overseas NHS treatment. |
Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.
This shared system is called the Devon and Cornwall Care Record.
It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to the emergency department, calling 111 or going to an out-of-hours appointment.
It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised health and care staff can access the Devon and Cornwall care record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data; just data that services have agreed is necessary to include.
Outside specific exemptions under specific legislation related to personal data your information shall be retained for no longer than the purposes for which it is being processed.
We comply with the Records Management Code of Practice for 2021.
The data we are collecting is your personal information and you have considerable say over what happens to it. As such, you have the right to:
Data protection legislation allows you to find out the personal information we hold about you on computer and IT records (formerly known as a subject access request).
The legislation requires us to respond to a valid request within 1 month. However, in the event we are unable to meet this timescale (for example due to a large volume of information to be assessed) we will keep you informed of progress towards fulfilling your request.
To make a subject access request, email our subject access request team.
The Trust is working to find ways to develop better treatments for care. The information we hold on you can be used to help our researchers understand more about causes of illnesses and how best to treat them.
We follow strict rules to make sure your personal data is always kept secure and confidential. Where possible, we take out any information that could identify you, such as your name, address and postcode. If we cannot practically take out such information, it is our legal responsibility to ask for your explicit consent or to identify an appropriate legal basis to process your data.
Our organisation is compliant with the national data opt-out policy.
Whenever you use a health or care service or using any of our services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information is not needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
For all services, we’d like to keep in touch with you to inform you of the valuable work and services we provide. You are always in full control of the messages you receive.
If you are a patient, we will ask you to provide us with additional contact information like your email address and mobile phone number. We do this so that we can provide you with timely communications relating to your appointments, and your treatment. We may contact you about eligible research or evaluation we need your support with. You can always opt out if you wish.
If you want us to change the way we contact you, email our information governance team.
You can use our website without providing any personal details. However, to sign up to any services, you must provide data to support this. Cookies are a record made on your computer that save information about the web pages you visit and services you use. You may disable the use of cookies, but this may limit the functionality of our websites or your access to it.
Cookies are files or pieces of information that are stored by your browser on your computer's hard drive. The Trust may use cookies to collect information about you and to identify you during your visit to our websites, like the particular site areas you visit and the services you use through our websites. We collect this information to better tailor our site to your interests and needs.
Cookies may also be used to help speed up your future activities on our websites. For example, a site can recognise that you have provided personal information to us and refrain from requesting the same information a second time.
We also use cookies for online retargeting purposes to show you relevant adverts from us on third-party sites, including social media websites, based on pages you have visited on our site and others.
We hold cookie information for 30 days before the cookie expires.
Most browsers are initially set to accept a cookie. If you prefer, you can set yours to refuse cookies or to alert you when cookies are being sent. Refusal of cookies at the site you enter may result in an inability to visit certain areas of the site or to receive personalised information when you visit the site.
List of cookies on Cornwall Partnership NHS Foundation Trust website (PDF, 99 KB)
For further information on cookies, consult the help section of your browser. Our cookie information page also provides more information.
Cornwall Partnership NHS Foundation Trust is the data controller for the personal data we hold and process about you.
The data protection officer is Umar Sabat.
For independent advice about data protection, privacy and data sharing issues, you can contact the independent Information Commissioner's Office.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device. For example, a computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
You can manage these small files yourself through your browser setting.
The cookie providers listed below may distribute the gathered cookie information with other third-party websites for the purpose of activity tracking. You can find out more about the policy of each cookie provider on their respective privacy pages.
We use a session cookie at all times. The purpose of this cookie is to maintain the state of the site in the effect of a user's selected behaviours for the site as they navigate through it. Examples of these behaviours might be:
This cookie also ensures that if the site is hosted in a load-balanced environment, the visitor’s browsing session stays on the same server throughout their use of the site.
This cookie does not store any personal information about the site visitor, their computer, their visit, or their browsing history. No personal information is collected by VerseOne through the use of this cookie. After the end of the visitor’s session (the browser tab or window is closed, or after an inactivity timeout which is configurable in VerseOne CMS), the cookie’s validity is destroyed and the browser removes the cookie from the visitor’s compute
Be aware that the providers listed below may change their cookie names without notice.
As an example, we use the following cookies on our website:
We want to provide interesting and engaging content on our website. On a number of pages we use ‘plug ins’ or embedded media. For example, we embed YouTube videos in many pages. We also provide links to share content with popular social media sites such as Facebook, Instagram, YouTube and Twitter.
The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content. These are known as ‘third-party’ cookies. Third-party cookies are delivered on behalf of their respective organisations. As such they may change their name and purpose from the cookies identified below, this is beyond the control of Cornwall Partnership NHS Foundation Trust.
We will not use cookies to collect personally identifiable information about you.
However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The help function within your browser should tell you how.
Be aware that restricting cookies may impact on the functionality of our website.
If you wish to view your cookie code, just click on a cookie to open it. You’ll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.
For information on how to do this on the browser of your mobile phone, you will need to refer to your handset manual.
To opt-out of third-parties collecting any data regarding your interaction on our website, refer to their websites for further information.
Full list of cookies on Cornwall Partnership NHS Foundation Trust website (PDF, 99 KB)
The Cornwall Partnership NHS Foundation Trust website uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
The Cornwall Partnership NHS Foundation Trust website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The Trust does not endorse any external sites and is not responsible for their content.