Privacy policy

We process personal information about you so that we can continue to provide an enhanced level of service to the public for health services. High standards in handling personal information are of the upmost importance to us, because they help us to maintain confidence from our customers, suppliers, partners and the wider UK public.

When we handle your information, we undertake to:

• make sure you know why we need it
• only ask for what we need, and collect the minimal amount required
• protect your information and ensure no one has access to it who should not
• let you know if we are going to share it with other organisations
• make sure we do not keep your information for longer than necessary
• ensure you have the right to request any incorrect information be rectified
• not make your personal information available for commercial use without your consent
• ensure that measures are put in place to allow appropriate consent to be obtained for holding personal information of anyone aged under 13

We additionally undertake to:

• value the personal information entrusted to us and make sure that we abide by the law when it comes to handling your personal information
• ensure we consider security at the outset of any new project where we are planning to hold or use personal information in new ways, and to continue to review existing systems to ensure they are compliant with new laws
• provide training to staff in how to handle personal information, maintain proper oversight of our information assets and respond appropriately if information is not used or protected properly.

We process information to enable us to:

• promote our policies, procedures and services to the public
• maintain our accounts and records and to support and manage our staff

We also process information to include administration of health and social care services, management and administration of land, property and residential property and undertake research.

We operate a CCTV system on our premises for the prevention of crime and the safety and security of our staff and premises.

Paragraph 7 of Chapter 2 to the Data Protection Act 2018 provides that, as an organisation mandated by the UK government, Cornwall Partnership NHS Foundation Trust may process personal data as necessary for the effective performance of a task carried out in the public interest.

Should this provision not apply we will always identify the lawful basis on which your personal information is processed as defined by Article 6 and 9 of the UK GDPR.

We process information about our:

• customers
• employees
• suppliers and providers
• advisers, consultants, and other professional experts
• complaints and enquiries
• students on placements
• academics
• members and supporters of unions
• NHS staff
• members of the public for CCTV purposes
• research applicants
• researchers
• patients and carers
• governors

As a data controller of your personal data, we may, where necessary, and in line with data protection legislation, need to share this (and our data processors may also share information) with other organisations.

Please note the data shared will be dependent on the type of service used within the Trust. The below provides examples of types of organisations where we may, if necessary, share your data.

Types of organisations where we may, if necessary, share.

Type of organisation	Reason for sharing
Employment and recruitment agencies	To obtain an employment reference for recruitment purposes.
Current and past employers	To verify your employment history for recruitment purposes.
Suppliers and service providers	To support the services we provide to the public.
Internal audit and other auditors as required	To support regular audit activities and maintain scrutiny over public authority decision-making and activities.
Health and care organisations	To support your health and wellbeing and better inform care for you.
Other statutory law enforcement agencies	To assist in any legal or fraudulent activity.
Survey and research organisations	To share your information for research purposes where you have consented to be part of a study.
Government regulators	To support organisational audit and investigations such as the Information Commissioner's Office.
The police	To assist with police enquiries in line with relevant legislation.
Home Office	To support payments and charging for overseas NHS treatment.

Devon and Cornwall care record

Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.

This shared system is called the Devon and Cornwall Care Record.

It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to the emergency department, calling 111 or going to an out-of-hours appointment.

It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.

Only authorised health and care staff can access the Devon and Cornwall care record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data; just data that services have agreed is necessary to include.

Outside specific exemptions under specific legislation related to personal data your information shall be retained for no longer than the purposes for which it is being processed.

We comply with the Records Management Code of Practice for 2021.

The data we are collecting is your personal information and you have considerable say over what happens to it. As such, you have the right to:

• see what data we hold about you (right of access)
• ask us to stop using your data, but keep it on record (right to erasure)
• have some or all of your data deleted (right to deletion)
• have some of your data corrected (right to rectification)
• lodge a complaint with the Information Commissioner's Office if you think we are not handling your data fairly or in accordance with the law

Data protection legislation allows you to find out the personal information we hold about you on computer and IT records (formerly known as a subject access request).

The legislation requires us to respond to a valid request within 1 month. However, in the event we are unable to meet this timescale (for example due to a large volume of information to be assessed) we will keep you informed of progress towards fulfilling your request.

To make a subject access request, email our subject access request team.

The Trust is working to find ways to develop better treatments for care. The information we hold on you can be used to help our researchers understand more about causes of illnesses and how best to treat them.

We follow strict rules to make sure your personal data is always kept secure and confidential. Where possible, we take out any information that could identify you, such as your name, address and postcode. If we cannot practically take out such information, it is our legal responsibility to ask for your explicit consent or to identify an appropriate legal basis to process your data.

Our organisation is compliant with the national data opt-out policy.

Whenever you use a health or care service or using any of our services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information is not needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Useful links

• Register your choice to opt-out
• How patient information is used for health and care research
• How and why patient information is used, the safeguards and how decisions are made

For all services, we’d like to keep in touch with you to inform you of the valuable work and services we provide. You are always in full control of the messages you receive.

If you are a patient, we will ask you to provide us with additional contact information like your email address and mobile phone number. We do this so that we can provide you with timely communications relating to your appointments, and your treatment. We may contact you about eligible research or evaluation we need your support with. You can always opt out if you wish.

If you want us to change the way we contact you, email our information governance team.

You can use our website without providing any personal details. However, to sign up to any services, you must provide data to support this. Cookies are a record made on your computer that save information about the web pages you visit and services you use. You may disable the use of cookies, but this may limit the functionality of our websites or your access to it.

Cookies are files or pieces of information that are stored by your browser on your computer's hard drive. The Trust may use cookies to collect information about you and to identify you during your visit to our websites, like the particular site areas you visit and the services you use through our websites. We collect this information to better tailor our site to your interests and needs.

Cookies may also be used to help speed up your future activities on our websites. For example, a site can recognise that you have provided personal information to us and refrain from requesting the same information a second time.

We also use cookies for online retargeting purposes to show you relevant adverts from us on third-party sites, including social media websites, based on pages you have visited on our site and others.

We hold cookie information for 30 days before the cookie expires.

Most browsers are initially set to accept a cookie. If you prefer, you can set yours to refuse cookies or to alert you when cookies are being sent. Refusal of cookies at the site you enter may result in an inability to visit certain areas of the site or to receive personalised information when you visit the site.

List of cookies on Cornwall Partnership NHS Foundation Trust website (PDF, 99 KB)

For further information on cookies, consult the help section of your browser. Our cookie information page also provides more information.

Cornwall Partnership NHS Foundation Trust is the data controller for the personal data we hold and process about you.

The data protection officer is Gina Matthews.

• Email Gina Matthews
• Write to Cornwall Partnership NHS Foundation Trust, Information Governance team, Suite 6, Carew House, Beacon Technology Park, Dunmere Road, Bodmin, PL31 2QN

For independent advice about data protection, privacy and data sharing issues, you can contact the independent Information Commissioner's Office.

• Write to: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Call 0303 123 1113
• Visit the Information Commissioner's Office website

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device. For example, a computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

• enabling a service to recognise your device so you do not have to give the same information several times during a task
• recognising that you may already have given a username and password so you do not need to do it for every web page requested
• measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.

You can manage these small files yourself through your browser setting.

The cookie providers listed below may distribute the gathered cookie information with other third-party websites for the purpose of activity tracking. You can find out more about the policy of each cookie provider on their respective privacy pages.

Current cookies

We use a session cookie at all times. The purpose of this cookie is to maintain the state of the site in the effect of a user's selected behaviours for the site as they navigate through it. Examples of these behaviours might be:

• logging in to the site and staying logged in as they click around
• choosing a colour contrast stylesheet
• filling in a multi-page form

This cookie also ensures that if the site is hosted in a load-balanced environment, the visitor’s browsing session stays on the same server throughout their use of the site.

JSESSIONID cookie

• Type: Session
• Expiry: Browser close
• Linked information: Username
• Functions: When a user logs in, maintains authentication state and access rights.

This cookie does not store any personal information about the site visitor, their computer, their visit, or their browsing history. No personal information is collected by VerseOne through the use of this cookie. After the end of the visitor’s session (the browser tab or window is closed, or after an inactivity timeout which is configurable in VerseOne CMS), the cookie’s validity is destroyed and the browser removes the cookie from the visitor’s compute

Be aware that the providers listed below may change their cookie names without notice.

As an example, we use the following cookies on our website:

Cookie: Google Analytics

• Example name: _utma, _utmb, _utmc, _utmz, GAPS, LSID, LSOSID, OTZ
• Purpose: These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. These cookies may also be identified as originating from cornwallft.nhs.uk. More information about Google cookies

Cookie: www.google.com (Google embedded search)

• Example name: __utmx, __utmxx, APISID, HSID, NID, PREF, SAPISID, SID, SSID
• Purpose: These cookies are used to collect information about how visitors use our site, which we use to help improve it. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited and what they have searched for. More information about Google search cookies

Embedded content

We want to provide interesting and engaging content on our website. On a number of pages we use ‘plug ins’ or embedded media. For example, we embed YouTube videos in many pages. We also provide links to share content with popular social media sites such as Facebook, Instagram, YouTube and Twitter.

The suppliers of these services may also set cookies on your device when you visit the pages where we have used this type of content. These are known as ‘third-party’ cookies. Third-party cookies are delivered on behalf of their respective organisations. As such they may change their name and purpose from the cookies identified below, this is beyond the control of Cornwall Partnership NHS Foundation Trust.

Cookie: YouTube

• Example name: PREF, VISITOR_INFO1_LIVE, use_hitbox
• Purpose: To track visitor views, and to remember user preferences when viewing YouTube videos embedded in our website web pages. More information about YouTube cookies

Cookie: Twitter

• Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
• Purpose: To track visitor information and for security authentication. More information about Twitter cookies

Cookie: Facebook

• Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
• Purpose: To track visitor information and for security authentication.

Cookie: Instagram

• Example name: guest_id, remember_checked, remember_checked_on, secure_sessions, twll
• Purpose: To track visitor information and for security authentication.

How to control and delete cookies

We will not use cookies to collect personally identifiable information about you.

However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The help function within your browser should tell you how.

Be aware that restricting cookies may impact on the functionality of our website.

If you wish to view your cookie code, just click on a cookie to open it. You’ll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.

For information on how to do this on the browser of your mobile phone, you will need to refer to your handset manual.

To opt-out of third-parties collecting any data regarding your interaction on our website, refer to their websites for further information.

Full list of cookies on Cornwall Partnership NHS Foundation Trust website (PDF, 99 KB)

The Cornwall Partnership NHS Foundation Trust website uses Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Links to other websites

The Cornwall Partnership NHS Foundation Trust website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The Trust does not endorse any external sites and is not responsible for their content.