Privacy policy

This privacy policy explains your rights and gives you the information to which you are entitled under the Data Protection Act 2018 and UK General Data Protection Regulation.

Resources

Who we are

Cornwall Partnership NHS Foundation Trust provide a range of mental and physical health services to children and adults across Cornwall and the Isles of Scilly.

Reasons and purposes for processing information

We process personal information about you so that we can continue to provide an enhanced level of service to the public for health services. High standards in handling personal information are of the upmost importance to us, because they help us to maintain confidence from our customers, suppliers, partners and the wider UK public.

When we handle your information, we undertake to:

  • make sure you know why we need it
  • only ask for what we need, and collect the minimal amount required
  • protect your information and ensure no one has access to it who should not
  • let you know if we are going to share it with other organisations
  • make sure we do not keep your information for longer than necessary
  • ensure you have the right to request any incorrect information be rectified
  • not make your personal information available for commercial use without your consent
  • value the personal information entrusted to us and make sure that we abide by the law when it comes to handling your personal information
  • ensure we consider security at the outset of any new project where we are planning to hold or use personal information in new ways, and to continue to review existing systems to ensure they are compliant with new laws
  • provide training to staff in how to handle personal information, maintain proper oversight of our information assets and respond appropriately if information is not used or protected properly

We also process information to include administration of health and social care services, management and administration of land, property and residential property and undertake research.

We operate a CCTV system on our premises for the prevention of crime and the safety and security of our staff and premises.

Lawful basis for processing your personal data

Paragraph 7 of Chapter 2 to the Data Protection Act 2018 provides that, as an organisation mandated by the UK government, the Trust may process personal data as necessary for the effective performance of a task carried out in the public interest.

For special category data, such as health, we will likely be processing your data for health and social care purposes. In some circumstances other legal bases may apply such as public health, employment, legal claims, courts archiving and in rare circumstances consent.

We will always identify the lawful basis on which your personal information is processed as defined by Article 6 and 9 of the UK GDPR.

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group who are satisfied that it is not possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data

For specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality. For example sharing information with the police to support the detection or prevention of serious crime. This will always be considered on a case-by-case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

How data is collected

Depending on the information, we may collect data direct from you, and/or third parties such as family, carers, friends, professionals involved in your health and social care or employment, business partners, subcontractors.

We may also collect information through online tracking technologies, as detailed further down in this policy.

Information we process

We process information about our:

  • customers
  • employees
  • suppliers and providers
  • advisers, consultants, and other professional experts
  • complaints and enquiries
  • students on placements
  • academics
  • members and supporters of unions
  • NHS staff
  • members of the public for CCTV purposes
  • research applicants
  • researchers
  • patients and carers
  • governors

How we store your data

The Trust is committed to securing your personal information from unauthorised access, use or disclosure. A combination of physical and electronic controls will help protect your personal information, creating a secure environment that allows for the provision of best quality care and preventing misuse of that data.

Is information transferred outside the UK?

Our data is hosted within the UK or within European Economic Area's who operate under the GDPR.

Who we share information with

As a data controller of your personal data, we may, where necessary, and in line with data protection legislation, need to share this (and our data processors may also share information) with other organisations.

Please note the data shared will be dependent on the type of service used within the Trust. The below provides examples of types of organisations where we may, if necessary, share your data.

Types of organisations where we may, if necessary, share.
Type of organisation Reason for sharing

Employment and recruitment agencies

 To obtain an employment reference for recruitment purposes.

Current and past employers

 To verify your employment history for recruitment purposes.

Suppliers and service providers

 To support the services we provide to the public.

Internal audit and other auditors as required

 To support regular audit activities and maintain scrutiny over public authority decision-making and activities.

Health and care organisations

 To support your health and wellbeing and better inform care for you.

Other statutory law enforcement agencies

 To assist in any legal or fraudulent activity.

Survey and research organisations

 To share your information for research purposes where you have consented to be part of a study.

Government regulators

 To support organisational audit and investigations such as the Information Commissioner's Office.

The police

 To assist with police enquiries in line with relevant legislation.
Home Office To support payments and charging for overseas NHS treatment.

Devon and Cornwall care record

Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.

This shared system is called the Devon and Cornwall Care Record.

It's important that anyone treating you has access to your shared record, so they have all the information they need to care for you. This applies to your routine appointments and in urgent situations such as going to the emergency department, calling 111 or going to an out-of-hours appointment.

It's also quicker for staff to access a shared record than to try to contact other staff by phone or email.

Only authorised health and care staff can access the Devon and Cornwall care record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data; just data that services have agreed is necessary to include.

Data retention

Outside specific exemptions under specific legislation related to personal data your information shall be retained for no longer than the purposes for which it is being processed.

We comply with the Records Management Code of Practice.

Your rights

Under data protection law you have rights, depending on the legal bases for processing your personal and special category data. Those rights are listed below.

  • Access: You have the right to ask us for copies of your personal information (known as a subject access request).
  • Rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Data portability. You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have 1 month to respond to you, with up to an additional 2 months when the request is complex.

To request copies of your records , email our Subject Access Request Team.

For all other requests, email our Information Governance Team.

How we use your information for research and development

The Trust is working to find ways to develop better treatments for care. The information we hold on you can be used to help our researchers understand more about causes of illnesses and how best to treat them.

We follow strict rules to make sure your personal data is always kept secure and confidential. Where possible, we take out any information that could identify you, such as your name, address and postcode. If we cannot practically take out such information, it is our legal responsibility to ask for your explicit consent or to identify an appropriate legal basis to process your data.

The Health Research Authority governs health research. Their patient data and research leaflet can be found on their website.

For more details about the research projects that the Trust is involved in, visit our research webpage.

National data opt-out

Our organisation is compliant with the national data opt-out policy.

Whenever you use a health or care service or using any of our services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information is not needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Useful links

Communications

For all services, we'd like to keep in touch with you to inform you of the valuable work and services we provide. You are always in full control of the messages you receive.

If you are a patient, we will ask you to provide us with additional contact information like your email address and mobile phone number. We do this so that we can provide you with timely communications relating to your appointments, and your treatment. We may contact you about eligible research or evaluation we need your support with. You can always opt out if you wish.

If you want us to change the way we contact you, contact our information governance team.

Contacting our data protection officer

The Trust is the data controller for the personal data we hold and process about you. If you can any concerns about the processing of your information, or wish to raise a complaint about how we process your information you can contact our Data Protection Officer, Gina Matthews.

  • Email our Data Protection Officer.
  • Write to Cornwall Partnership NHS Foundation Trust, Information Governance team, Suite 6, Carew House, Beacon Technology Park, Dunmere Road, Bodmin, PL31 2QN.

Contact the Information Commissioner's Office

For independent advice about data protection, privacy and data sharing issues, or to raise a complaint about how the Trust has processed your data, you can contact the independent Information Commissioner's Office.

Cookie policy

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device. For example, a computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • enabling a service to recognise your device so you do not have to give the same information several times during a task
  • recognising that you may already have given a username and password so you do not need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast.

You can manage these small files yourself through your browser setting.

The cookie providers listed below may distribute the gathered cookie information with other third-party websites for the purpose of activity tracking. You can find out more about the policy of each cookie provider on their respective privacy pages.

Current cookies

We use a session cookie at all times. The purpose of this cookie is to maintain the state of the site in the effect of a user's selected behaviours for the site as they navigate through it. Examples of these behaviours might be:

  • logging in to the site and staying logged in as they click around
  • choosing a colour contrast stylesheet
  • filling in a multi-page form

This cookie also ensures that if the site is hosted in a load-balanced environment, the visitor's browsing session stays on the same server throughout their use of the site.

JSESSIONID cookie

  • Type: Session
  • Expiry: Browser close
  • Linked information: Username
  • Functions: When a user logs in, maintains authentication state and access rights.

This cookie does not store any personal information about the site visitor, their computer, their visit, or their browsing history. No personal information is collected by VerseOne through the use of this cookie. After the end of the visitor's session (the browser tab or window is closed, or after an inactivity timeout which is configurable in VerseOne CMS), the cookie's validity is destroyed and the browser removes the cookie from the visitor's compute

Be aware that the providers listed below may change their cookie names without notice.

As an example, we use the following cookies on our website:

Cookie: Google Analytics

  • Example name: _utma, _utmb, _utmc, _utmz, GAPS, LSID, LSOSID, OTZ
  • Purpose: These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. These cookies may also be identified as originating from cornwallft.nhs.uk. More information about Google cookies

Cookie: www.google.com (Google embedded search)

  • Example name: __utmx, __utmxx, APISID, HSID, NID, PREF, SAPISID, SID, SSID
  • Purpose: These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited and what they have searched for. More information about Google search cookies

Embedded content

We want to provide interesting and engaging content on our website. On a number of pages we use 'plug ins' or embedded media. For example, we embed YouTube videos in many pages. We also provide links to share content with popular social media sites such as Facebook, Instagram, YouTube and Twitter.

The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content. These are known as 'third-party' cookies. Third-party cookies are delivered on behalf of their respective organisations. As such they may change their name and purpose from the cookies identified below, this is beyond the control of Cornwall Partnership NHS Foundation Trust.

Cookie: YouTube

  • Example name: PREF, VISITOR_INFO1_LIVE, use_hitbox
  • Purpose: To track visitor views, and to remember user preferences when viewing YouTube videos embedded in our website web pages. More information about YouTube cookies

Cookie: Twitter

  • Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
  • Purpose: To track visitor information and for security authentication. More information about Twitter cookies

Cookie: Facebook

  • Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
  • Purpose: To track visitor information and for security authentication.

Cookie: Instagram

  • Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
  • Purpose: To track visitor information and for security authentication.

How to control and delete cookies

We will not use cookies to collect personally identifiable information about you.

However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The help function within your browser should tell you how.

Be aware that restricting cookies may impact on the functionality of our website.

If you wish to view your cookie code, just click on a cookie to open it. You'll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.

For information on how to do this on the browser of your mobile phone, you will need to refer to your handset manual.

To opt-out of third-parties collecting any data regarding your interaction on our website, refer to their websites for further information.

Full list of cookies on Cornwall Partnership NHS Foundation Trust website (PDF, 99 KB)

Links to other websites

The Trust website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website.

We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

We recommend that you review the websites' privacy policy as a precautionary measure. The Trust does not endorse any external sites and is not responsible for their content.

Changes to this statement

We will update this page, at least annually or, where we have received feedback, national guidance or made changes in how our services use your information. We therefore encourage you to periodically review this web page in case of any changes.

The date of last review was January 2025.