When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

Our cookie policy contains more information about the types of cookies we use, and how you can control your cookie preferences.

Cookie policy

Essential Cookies

Cookies serve useful purposes, such as:

  • maintaining a "session key" which is required in order to allow users to log in to websites and portals;
  • assigning unique security keys that protect user privacy by ensuring that users' form submissions are not hijacked by hackers;
  • maintaining a server key so that, in multi-server environments, users are not randomly jumped between servers such that they are forced to repeatedly login.

These kinds of cookies are broadly known as "Essential Cookies", i.e. they are absolutely required in order to allow the operation of the application and to protect the privacy and data of users, and these have a special meaning with the UK GDPR.

Our website Cookies

By default, VerseOne CMS (VerseOne is our website provider), uses only one Essential Cookie, which is called JSESSIONID: this cookie is destroyed at the end of a user's session, i.e. when a user logs out and leaves the site, or after 20 minutes of inactivity on a VerseOne CMS-powered site.

VerseOne CMS does not track users across sites, and JSESSIONID does not enable any functionality except the three items listed above.

JSESSIONID is an Essential Cookie — it is absolutely required for the operation of the solution and for the protection of users' data and security. For this reason, it cannot be switched off and users cannot opt out.

VerseOne CMS also uses VOPECRA, a long-term non-tracking cookie that is only placed on the user's browser if the user accepts cookies: VOPECRA is the cookie that remembers that the user has accepted cookies.

If the option is switched on, VerseOne CMS also uses KMLI, a medium-term non-tracking cookie that is only placed on the user's browser if the user selects the Remember Me login feature.

Finally, solutions hosted within VerseOne's high-availability Managed Cloud Services environment also use a session management cookie that maintains the user's context across multiple servers: this has the format TS0xxxxxxx.

So, by default, all sites hosted on VerseOne's environment will have JSESSIONID and TS0xxxxxxx. Depending on configuration and user choices, they may also see VOPECRA or KMLI.

VerseOne CMS Cookies
Name Duration Function Size
JSESSIONID Session Essential cookie for software functionality including session management for authentication, form submission validation, load-balancer configuration. Secured and does not track across websites (domain-specific). Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 44B
VOPECRA 'Permanent' (multi-year duration) Remembers that a user has accepted cookies from a specific VerseOne CMS-powered website, enabling cookies from GA and Code Droplets (where configured). Secured and does not track across websites (domain-specific). 8B
KMLI_FRONTEND Configurable duration Remembers the user so that they do not have to explicitly login to the CMS or front-end features. Secured and does not track across websites (domain-specific). Duration is configurable in VerseOne CMS (default is 2 weeks). 141B
TS0xxxxxxx Session Essential cookie for maintaining context across VerseOne 's multiple high-availability application servers and secure Web Application Firewall (WAF). Secured and does not track across websites (domain-specific).  Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 116B

Third Party Cookies

Many organisations do legitimately seek information on how people use their websites and digital solutions, so that they can genuinely improve their service to their users — and VerseOne makes this possible through two mechanisms:

  • the ability to enter a Google Analytics (GA) ID at site level;
  • the ability to enter any other third party code (which may or may not include cookies) through the Code Droplets Module.

Google Analytics

Google Analytics Cookies

The NELFT website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Links to other websites

The NELFT website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by our privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The trust does not endorse any external sites and is not responsible for their content.

Fair Processing Notice

NELFT (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 1998.  This means that data held about you must only be used for specific purposes as defined by law.  This Fair Processing Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.

Read our full Fair Processing Notice here: Fair Processing Notice 

Privacy - The Data Protection Act 1998

The Data Protection Act 1998

North East London Foundation Trust  is the Data Controller for this website under the Data Protection Act 1998.

We will process your data in accordance with the Data Protection Act and we have a legal duty to protect any information we collect from you.

The purpose of the privacy policy is to inform you as a user of the site about what information we collect when you visit the site and how we use that information.

We want you to feel secure when visiting the site. We are committed to respecting your privacy. We do not pass on your details to any third party or other government department.

Below we give an overview of how we do that.

Social Media Acceptable Use Guidance

The Trust uses social media platforms, such as Twitter, Facebook, LinkedIn, YouTube and Instagram to provide information to people that use our services, their carers and the wider public. We welcome comments and engagement with our posts and the digital content we post on our social media accounts.

The Trust Communications team manage the platforms. These staff are not medical professionals or clinicians. If you need help from a specific Trust service you should get in touch directly using the contact details you have been given.

We know and respect that people may have different views and experiences they want to share on social media, but the Trust will not tolerate or accept any form of cyber-bullying on our platforms.

We will act if content in any format (such as comments, videos, images, GIFs, attachments, links or emojis) is interpreted as:

  • Defamatory, slanderous, misleading, or false
  • Abusive or threatening – this includes swearing, adapted spellings with the same meaning, etc
  • Intimidatory towards our staff, elected members, or other platform users
  • Mentions a staff member or service user by name, making them identifiable to others
  • Containing allegations against staff or other service users
  • Inciting hate crime or hate crime words
  • Obscene, profane, or sexually-oriented
  • Discriminatory in any way
  • Promoting illegal activity
  • Promoting individual products or services
  • Completely off-topic
  • The same message posted many times, otherwise known as ‘spamming’
  • Controversial, irrelevant, and off-topic, otherwise known as ‘trolling’

The action we will take

If your content falls into the categories listed above, the Trust may take steps to hide or delete the post. Our approach will be to:

  • Respond to your content and/or direct message. We will explain the reason we deem the post to be inappropriate and ask you to remove the post immediately.
  • If you do not respond in a timely manner, we will have no option but to block your access to our social media accounts. We will let you know before we do this.
  • In serious cases such as allegations against staff or if the content is part of an investigation or could be deemed a safeguarding issue, we will have no option but to immediately remove the comment.
  • If we see frequent posts and comments that are deemed as inflammatory, misleading, controversial or many posts which may cause distress, we will take immediate action to block your account. We will not have time to tell you we are doing this.

In some cases, we may take action to screenshot a post/s and save them offline. We will store these in line with GDPR guidelines and in some cases, we may alert or forward posts to service managers, the police or partner organisations, if there is a need to raise awareness of the content or if it is to be used to support action that will be taken including an investigation.

Personal cases

The Trust will not discuss information relating to an individual on a social media platform – even if the case relates to you or someone known to you. In these circumstances we want people to talk to us directly, the Trust take your concerns seriously and we would encourage you in the first instance to talk directly to the service. If you wish to discuss your care or treatment, submit a compliment or complaint, you can do this by contacting our PALS team. For independent support, you can contact local Healthwatch organisations.

Hate crime

Hate crime is defined as any incident that is seen by the victim (or any other person) as being motivated by prejudice or hate towards their actual or perceived social identity. The law recognises five types of hate crime based on:

  • Race
  • Religion
  • Disability
  • Sexual orientation
  • Transgender identity

In these instances where the law recognises any hate and harassment as a crime then action will be taken in line with criminal or non-criminal behaviour is described as actions such as offensive comments or images on social media or text messages.


The Trust has a duty of care to protect vulnerable adults and children that we meet or encounter from abuse and harm. The Trust have safeguarding policies in place which will be referred to if a safeguarding issue has been identified. Action on any content that can be deemed a safeguarding issue will mean that the posts/posts will be saved offline and passed on to the relevant organisation to ensure we retain our duty of care.

Threatening behaviour and allegations against staff and elected members

We have a zero-tolerance to threatening behaviour on our social media accounts and we will immediately remove any content that can be deemed as threatening, harassment or could cause distress to our staff or elected members. We may screenshot posts and forward them to colleagues within our Trust, the police and partner organisations.