The Data Protection legislation requires us to process your personal data fairly and lawfully.

We take our duty to protect your personal information and confidentiality very seriously, and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible.

You can find more detail below or by reading our Privacy Notice leaflet.

Read our Privacy Notice for Employees.

Read our Supplementary Privacy Notice on COVID-19 for Patients/Service Users

This policy sets out how The Cheshire and Wirral Partnership NHS Foundation Trust (CWP) processes and stores personal information relating to our patients and users of our websites.


The information held in your health record is important for your care. It is a record of your relationship with those caring for you. This relationship is based on mutual trust and confidence and we continue to do everything possible to protect that trust. Staff will ask for information about you and this policy will explain what information is collected and the reasons why it is needed.

Contacting us


If you would like to know more about information we hold, or wish to make a complaint about the use of your information, you can contact:

Alternatively, you can contact the Information Commissioner’s Office at the following address:

Information Commissioner’s Office
Wycliffe House
Water Lane

Telephone number: 0303 123 1113

Health and social care professionals working with you (such as doctors, nurses, support workers, psychologists, occupational therapists, social workers and other staff involved in your care) keep records about you, your health, and any care and treatment you are offered or receive. This may include: 

  • Name, address, date of birth, phone number, and email address (where you have provided it to enable us to communicate with you)
  • Your next of kin and contact details
  • Notes and reports about your physical or mental health and any treatment, care or support you need and receive
  • Results of your tests and diagnosis, including medical imaging
  • Relevant information from other professionals, relatives, or those who care for you or know you well
  • Any contacts you have with us such as home visits or outpatient appointments
  • Information on medicines, side effects and allergies
  • Patient experience feedback and treatment outcome information you provide.

Most of your records are electronic and are held on a computer system and secure IT network. New models of service delivery are being implemented, with closer working with GPs and other healthcare and social care providers. To assist this, other electronic patient record systems to share your information will be used. At the relevant point you will be given the opportunity to say no and to opt-out of having your information held on these systems. Should you choose to opt-in, please note that at any point afterwards you can change your mind and opt-out by informing your GP and/or relevant health professional involved in your care.

To ensure safe and secure services the Trust operates closed circuit television systems in some areas of the Trust. 

Data protection law recognises the difference between personal data and that of a more sensitive nature such as racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences. 

GDPR adds a special data category of genetic data and biometric data that is processed to uniquely identify an individual. 

As a healthcare organisation, CWP will therefore collect sensitive data as defined above. For example:

  • When submitting a referral request
  • When submitting your story to be considered as case study 

However we do not solely collect healthcare information. Other information will include religious information, for example to make us aware of dietary requirements or limits to treatment, or philosophical beliefs, for example for patients who are vegan and therefore have requirements regarding particular medicines. 

Every day we are working to ensure that our staff provide inclusive services to all patients, which meet their needs and are delivered with kindness, dignity and respect, irrespective of any equality characteristic such as gender, race, religion or disability status. We also want to ensure that all our staff are treated similarly with kindness, dignity and respect. Staff and patient surveys are a key mechanism in helping us achieve this as we carefully consider their experiences and feedback to help shape our policies and culture. An equality monitoring form is also sent with all complaint acknowledgements to advise the Trust on this important area. As such, we gather, analyse, report and monitor our workforce and patients equality data by protected characteristics.

It is important that the details you provided are accurate and you let us know of any changes, for example, if you change your address or GP. Information collected about you to deliver your health care is also used to assist with:

  • Making sure your care is of a high standard
  • Using statistical information to look after the health and wellbeing of the general public and planning services to meet the needs of the population
  • Assessing your condition against a set of risk criteria to ensure you are receiving the best possible care
  • Preparing statistics on our performance for the Department of Health and other regulatory bodies
  • Helping train staff and support research
  • Supporting the funding of your care
  • Reporting and investigation of complaints, claims and untoward incidents
  • Reporting events to the appropriate authorities when we are required to do so by law
  • Contacting you to improve services e.g. to take part in surveys or consultations about our services

Our staff are trained to handle your information correctly and protect your privacy. We aim to maintain high standards, adopt best practice for our record keeping and regularly check and report on how we are doing. Your information is never collected for direct marketing purposes, and is not sold to any third parties. Your information is not routinely processed overseas, and if it is, we undertake to inform you. Care may be provided by a care team which may include people from other organisations such as health, social care, education, or other care organisations. Local hospitals, GPs and Social Services in some areas are able to view a summary electronic record.

This Trust shares summary information with health and social care professionals in some areas e.g. Cheshire Care Record, Physical Health and GPs. Access to these systems are very tightly controlled and monitored. Further information for the Cheshire Care Record may be found on the Cheshire Care Record website.

Locally across Cheshire and Merseyside, data is being shared securely with a data processor called System C for the purposes of protecting public health, providing healthcare services to the public, planning health care services and monitoring and managing Covid 19 outbreaks. No data that identifies a person will be used for purposes other than direct care.

If you have previously opted out of data sharing your data will not be used. The overarching purpose for data sharing is to support a set of Population Health analytics for population level planning and improvement of outcomes and also the targeting of direct care to vulnerable populations in need.

If we need to use your personal information for any reason beyond those stated above, we will discuss this with you. You have the right to ask us not to use your information in this way. However, there are exceptions to this which are listed below:

The public interest is thought to be of greater importance, e.g;

  • If a serious crime has been committed

  • If there are risks to the public or our staff

  • To protect vulnerable children or adults

  • We have a legal duty, for example registering births, reporting some infectious diseases, wounding by firearms and Court Orders.

  • We need to use the information for medical research. We have to ask permission from the Confidentiality Advisory Group (appointed by the NHS Health Research Authority)

Health records are stored on computers and in paper files and we have a legal duty to keep these confidential, accurate and secure at all times in line with Data Protection laws.

The legal basis for the processing of data for these purposes is that the NHS is an official authority with a public duty to care for its patients, as guided by the Department of Health and Data Protection law which says it is appropriate to do so for health and social care treatment of patients, and the management of health or social care systems or services.

Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care.

Data Protection law gives individuals rights in respect of the personal information that we hold about you. These are:

  1. To be informed why, where and how we use your information.

  2. To ask for access to your information.

  3. To ask for your information to be corrected if inaccurate or incomplete.

  4. To ask for your information to be deleted or removed where there is no need for us to continue processing it.

  5. To ask us to restrict the use of your information.

  6. To ask us to copy or transfer your information from one IT system to another in a safe and secure way, without impacting the quality of the information.

  7. To object to how your information is used.

  8. To challenge any decisions made without human intervention (automated decision making).

We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right, at any time, to complain to the Information Commissioner’s Officer (ICO).

As an independent UK authority, the ICO upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit the ICO website for details.

Accessing your health records

To request copies of your personal information, please contact the subject access request team:

You have had the right to receive copies of letters about you. However, letters may be withheld if it is thought it may be detrimental for you to receive a copy. If the Trust holds your email address, communication may be emailed unless you wish to opt out of receiving emails. The Trust cannot guarantee the security of emails.

Freedom of Information Act 2000 (FOI)

The FOI Act allows the public to request general information which the Trust holds such as policies or minutes of meetings. To make a request, email or write to the Trust.

When you visit our website, you may provide us with personal information such as:

  • Your name
  • Your contact details
  • Your date of birth
  • Your gender
  • Your credit/debit card details
  • Your job title
  • Your employment history
  • Information on your usage of our website

Here are some examples of when you can provide us with personal information on this website:

  • When contacting us with an enquiry either via webform or email link
  • When signing up to a newsletter
  • When purchasing an event ticket
  • When giving feedback
  • When filling out a form
  • When you apply for a job with us

How we use cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, and sometimes provide useful information to the owners of the site.

There are some cookies necessary to this site functioning, such as interacting with our accessibility toolbar. These cookies will usually remove themselves when you close your browsing session. More information can be found in the ‘Necessary cookies’ section.

We use some additional cookies, such as Google Analytics, to help us gather information and improve the website. You have the option to deny use of these cookies; more information can be found in the ‘Additional cookies’ section.

You can find information on managing and deleting cookies on the Information Commissioners Office.

Necessary cookies

The following cookies are necessary to our site functioning.

Cookie Purpose Expiry
cookieconsent_status Persistently records your option regarding additional cookies. 1 year

Necessary accessibility cookies

The following necessary cookies allow the functions within our accessibility toolbar to work optimally.

Cookie Purpose Expiry
accessibility-controls Records option regarding additional cookies. End of browsing session
saveFontSize Allows the website (CMS) to record if the user’s font size selection. End of browsing session
contrast-mode Allows the website (CMS) to record the user’s contrast mode selection. End of browsing session
googtrans Allows the language of page content to be changed and records the language selected. End of browsing session

Additional cookies

The following third-party cookies are used for analytical and media purposes.

If you do not accept use of these additional cookies, some third-party media content – such as YouTube, Vimeo or Google Maps – may not load on this website.

Analytics cookies

In order to help us to improve the content, format and structure of this website we record and analyse how visitors use the using Google Analytics.

You can read Google’s extensive information on data practices in Google Analytics.

You can opt-out of Google Analytics on our website by denying additional cookies or by using the Google Analytics Opt-out Browser Add-on.

Cookie Purpose Expiry
_ga Distinguishes user for Google Analytics. 2 years
_gid Distinguishes user for Google Analytics 1 day
_gat Throttles request rate for Google Analytics. 1 minute
_ga_{ID} Persists session state for newer versions of Google Analytics. 2 years
_gat_gtag_UA_{ID} Persists session state for older versions of Google Analytics. 1 minute
__utma Distinguishes user and session for Google Analytics. 2 years
__utmb Determines new session or visit for Google Analytics. 30 minutes
__utmc Determines new session or visit for Google Analytics. End of browsing session
__utmz Stores traffic source for Google Analytics. 6 months

Embed cookies

We may use embeds from YouTube, Google Maps or Vimeo on our site to display content. That content uses the following third-party cookies. Where possible, we will use privacy-oriented settings to ensure as few cookies as possible require consent.

These additional cookies that remain, and the content from which they stem, will not display on the site unless you choose to ‘Accept additional cookies’.

Cookie Source Purpose Expiry
CONSENT YouTube ( Google cookie tracking consent with analytics and/or ad integration. 2 years
CONSENT Google Maps ( Google cookie tracking consent with analytics and/or ad integration. 2 years
__cf_bm Vimeo ( Vimeo ClouldFlare layer which filters out requests from bots. 39 minutes

Captcha cookies

We use Google reCAPTCHA in order to verify whether or not you are a human when submitting data to the website. Most of the time, this will only be present on pages containing forms.

Cookie Source Path Purpose Expiry
Google ( /recaptcha Provides risk analysis to Google spam protection. 6 months