When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
Cookies serve useful purposes, such as:
- maintaining a "session key" which is required in order to allow users to log in to websites and portals;
- assigning unique security keys that protect user privacy by ensuring that users' form submissions are not hijacked by hackers;
- maintaining a server key so that, in multi-server environments, users are not randomly jumped between servers such that they are forced to repeatedly login.
These kinds of cookies are broadly known as "Essential Cookies", i.e. they are absolutely required in order to allow the operation of the application and to protect the privacy and data of users, and these have a special meaning with the UK GDPR.
Our website Cookies
By default, VerseOne CMS (VerseOne is our website provider), uses only one Essential Cookie, which is called JSESSIONID: this cookie is destroyed at the end of a user's session, i.e. when a user logs out and leaves the site, or after 20 minutes of inactivity on a VerseOne CMS-powered site.
VerseOne CMS does not track users across sites, and JSESSIONID does not enable any functionality except the three items listed above.
JSESSIONID is an Essential Cookie — it is absolutely required for the operation of the solution and for the protection of users' data and security. For this reason, it cannot be switched off and users cannot opt out.
VerseOne CMS also uses VOPECRA, a long-term non-tracking cookie that is only placed on the user's browser if the user accepts cookies: VOPECRA is the cookie that remembers that the user has accepted cookies.
If the option is switched on, VerseOne CMS also uses KMLI, a medium-term non-tracking cookie that is only placed on the user's browser if the user selects the Remember Me login feature.
Finally, solutions hosted within VerseOne's high-availability Managed Cloud Services environment also use a session management cookie that maintains the user's context across multiple servers: this has the format TS0xxxxxxx.
So, by default, all sites hosted on VerseOne's environment will have JSESSIONID and TS0xxxxxxx. Depending on configuration and user choices, they may also see VOPECRA or KMLI.
|Essential cookie for software functionality including session management for authentication, form submission validation, load-balancer configuration. Secured and does not track across websites (domain-specific). Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity.
|'Permanent' (multi-year duration)
|Remembers that a user has accepted cookies from a specific VerseOne CMS-powered website, enabling cookies from GA and Code Droplets (where configured). Secured and does not track across websites (domain-specific).
|Remembers the user so that they do not have to explicitly login to the CMS or front-end features. Secured and does not track across websites (domain-specific). Duration is configurable in VerseOne CMS (default is 2 weeks).
|Essential cookie for maintaining context across VerseOne 's multiple high-availability application servers and secure Web Application Firewall (WAF). Secured and does not track across websites (domain-specific). Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity.
Third Party Cookies
Many organisations do legitimately seek information on how people use their websites and digital solutions, so that they can genuinely improve their service to their users — and VerseOne makes this possible through two mechanisms:
- the ability to enter a Google Analytics (GA) ID at site level;
- the ability to enter any other third party code (which may or may not include cookies) through the Code Droplets Module.
Google Analytics Cookies
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Links to other websites
Fair Processing Notice
NELFT (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 2018. This means that data held about you must only be used for specific purposes as defined by law. This Fair Processing Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.
Read our full Fair Processing Notice here: Fair Processing Notice
Privacy - The Data Protection Act 2018
The Data Protection Act 2018
North East London Foundation Trust is the Data Controller for this website under the Data Protection Act 2018.
We will process your data in accordance with the Data Protection Act and we have a legal duty to protect any information we collect from you.
We want you to feel secure when visiting the site. We are committed to respecting your privacy. We do not pass on your details to any third party or other government department.
If you have any questions in regards to your information and how it is used, please contact the Information Governance Team.