Privacy notice for staff and volunteers

By issuing this privacy notice, we demonstrate our commitment to openness and accountability.

Why have we issued this privacy notice for our staff and volunteers?

We recognise the importance of protecting personal and confidential information in all that we do, and take care to meet our legal and other duties, including compliance with the following:

  • Data Protection Act 2018
  • Human Rights Act 1998
  • Access to Health Records Act 1990
  • Freedom of Information Act 2000
  • Health and Social Care Act 2012, 2015
  • Public Records Act 1958
  • Copyright Design and Patents Act 1988
  • Re-Use of Public Sector Information Regs 2004
  • Computer Misuse Act 1990
  • Common Law Duty of Confidentiality
  • NHS Care Records Guarantee for England
  • Social Care Records Guarantee for England
  • International information Security Standards
  • Information Security Code of Practice
  • Records Management Code of Practice for Health & Social Care 2016
  • Accessible Information Standards
  • General Data Protection Regulations 2018

How do we collect you information?

Your information could be collected in a number of different ways. This could be directly from you in person, over the telephone or on a form you have completed, such as a job application, contractual documentation or time sheet.

Details might also come from an external source such as:

  • NHS Jobs
  • your professional body, current or previous employers
  • the Disclosure and Barring Service
  • government bodies like HM Revenue and Customs, the Department for Work and Pensions
  • UK Visas and Immigration

Why do we collect your information and how it is used?

We will only process your personal data where we have your consent or where the processing can be legally justified under UK law. These include circumstances where the processing is necessary for the performance of staffs’ contracts with us or for compliance with any legal obligations which applies to us as your employer.

This includes, but is not limited to:

  • staff administration (including payroll and pensions)
  • education, training and development
  • information and database administration
  • business management and planning
  • accounting and auditing
  • criminal prosecution and prevention
  • health administration and services
  • national fraud initiatives
  • quality monitoring (such as staff surveys)
  • used for modelling the future provision of health and social care services within Cornwall

By signing your contract with the trust, you consent to us holding and processing any information about you which you provide to us, or which we may acquire as a result of employment.

How do we keep your information safe and maintain confidentiality?

Under the Data Protection Act 2018, strict principles govern our use of information and our duty to ensure it is kept safe and secure. Your information may be stored within electronic or paper records, or a combination of both. All our records are restricted so that only those individuals who have a need to know the information can get access. This might be through the use of technology or other environmental safeguards.

Everyone working for the NHS is subject to the common law duty of confidentiality. This means that any information that you provide to us in confidence will only be used in connection with the purpose for which it was provided, unless we have specific consent from you or there are other special circumstances covered by law.

Under the NHS confidentiality code of conduct, all of our staff are required to protect information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.

Every NHS organisation has a senior person that is responsible for the overall protection, security and confidentiality of information. This person is known as the senior information risk owner (SIRO), and within our Trust this role sits with our executive director of integrated governance. More information is available on under meet the board.

To support you through the process, read our subject access policy and procedure.

You can also request further information or an application form, by one of the following means:

Post: Subject access request team, Cornwall Partnership NHS Foundation Trust, Kernow Building, Wilson Way, Pool, Redruth TR15 3EQ3

Call 01209 204 010

Email the subject access request team

Do we pass your information on to other people or organisations?

When we are required to do so, we will ensure that we seek your consent before sharing your personal information with other people. We will not pass your personal information to your friends, relatives or carers without your explicit consent. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so or it is required by law.

The Trust sometimes needs to share the personal information we process with other organisations. When we do this we are required to comply with all aspects of the General Data Protection Regulations. Where necessary we also have data sharing agreements in place with our partner organisations which will state the specific ways in which the shared data can be used.

The organisations we share information with can include:

  • other public and private healthcare, voluntary, community, social enterprise and welfare organisations
  • central and local government organisations
  • police forces and security organisations
  • public and private service providers, suppliers of medical equipment and support systems
  • public and private auditors and audit bodies
  • legal representatives
  • survey and research organisations
  • professional advisers and consultants

The reasons why we would share your information, other than for your care, can include:

  • notification of births and deaths
  • an emergency (when there is risk of loss of life or limb)
  • to control infectious diseases (such as meningitis or tuberculosis)
  • child protection
  • when required by a formal court order
  • for the prevention or detection of a crime.

How can you get access to the information that we hold about you?

Under the terms of the Data Protection Act 2018 and the General Data Protection Regulations 2018, you have the right to request access to the information that we hold about you.

To support you through the process, read our subject access request policy and procedure.

You can also request further information or an application form, by:

  • post to: Subject access request team, Cornwall Partnership NHS Foundation Trust, The Kernow Building, Wilson Way, Pool, Redruth TR15 3EQ
  • call 01209 204 010
  • email the subject access request team

Contact us about queries or concerns

If you have any queries or concerns regarding the information that we hold about you or you have a question regarding this privacy notice, please contact our information governance team.

  • Post: Information governance department, Cornwall Partnership NHS Foundation Trust, Suite 6, Carew House, Beacon Technology Park, Dunmere Road, Bodmin PL31 2QN
  • Call 01208 834 495
  • Email the information governance team

How long do we retain your records?

All our records are destroyed in accordance with the Records Management Code of Practice 2021; A guide to the management of health and care records, which sets out the appropriate length of time each type of NHS record is retained. We do not keep your records for longer than necessary.

All records are appropriately reviewed once their retention period has been met, and the Trust will decide whether the record still requires retention or should be confidentially destroyed. All decisions and destructions will be documented.

How to make a complaint

The Trust welcomes complaints as a way of learning from people’s experiences and improving our services.

If we haven’t been able to resolve your concerns locally or through the patient advice and liaison service (PALS), then you may wish to make a formal complaint. We welcome complaints as a way of learning from people’s experiences and improving our services.

The PALS team can give you help, advice and support in making a complaint. Also, they can put you in contact with local advocacy services if you feel you need some support to make your complaint.

As a Trust, we take complaints very seriously. All complaints are treated in confidence. We aim to resolve complaints quickly and fairly and will try to rectify any mistake or misunderstanding straight away.

It is helpful if you make a complaint as soon as possible. Usually we will investigate complaints that are made within:

  • 12 months of the event
  • 12 months of you realising you were unhappy about a specific situation or event

Complaints are not kept in healthcare records and will not affect ongoing or future treatment in any way.

Contact us

  • Write to: PALS office, Cornwall Partnership NHS Foundation Trust, Room 11, Banham House, Bodmin Hospital, Bodmin PL31 2QT
  • Call 01208 834 620
  • Email the PALS team

What happens when you make a complaint?

We will try to contact you to talk to you about your complaint, or we will write to you and ask you to contact us so we can talk about the issues raised. This usually occurs within 3 working days.

If you are raising concerns on behalf of someone who has received care from us, then we will need to ask their permission to share with you any confidential and personal information.

We will discuss how you wish us to handle your complaint and discuss how long it is likely to take in order to investigate and respond to the issues you have raised.

If the issues also involve another local NHS organisation or local authority, with your permission, we will work together to provide you with 1 response.

We will provide you with an explanation of the points you have raised, details of what we have found out and, if required, what we will be doing to put things right.

What if I am still unhappy?

If you feel that you need support in making your complaint, then you can contact the Health Complaints Advocacy Service, the independent complaints advocacy service who will be able to help you.

  • Write to: Health Complaints Advocacy Service (HCAS), C/O The Advocacy People, PO Box 375, Hastings TN34 9HU
  • Call 0330 440 9000
  • Email The Advocacy People

If you are unhappy with the outcome of your complaint, you can ask the Parliamentary and Health Service Ombudsman to review. The Ombudsman will only consider complaints that have already been investigated by the Trust. You can call their complaint helpline on 0345 015 4033.

Changes to this privacy notice

We will occasionally update this privacy and fair collection webpage to reflect company and customer feedback. We therefore encourage you to periodically review this webpage in case of any changes.

Devon and Cornwall care record

Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.

This shared system is called the Devon and Cornwall care record.

It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to the emergency department, calling 111 or going to an out-of-hours appointment.

It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.

Only authorised health and care staff can access the Devon and Cornwall care record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data; just data that services have agreed is necessary to include.