Cookies

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

Our cookie policy contains more information about the types of cookies we use, and how you can control your cookie preferences.

Cookie policy

Essential Cookies

Cookies serve useful purposes, such as:

  • maintaining a "session key" which is required in order to allow users to log in to websites and portals;
  • assigning unique security keys that protect user privacy by ensuring that users' form submissions are not hijacked by hackers;
  • maintaining a server key so that, in multi-server environments, users are not randomly jumped between servers such that they are forced to repeatedly login.

These kinds of cookies are broadly known as "Essential Cookies", i.e. they are absolutely required in order to allow the operation of the application and to protect the privacy and data of users, and these have a special meaning with the UK GDPR.

Our website Cookies

By default, VerseOne CMS (VerseOne is our website provider), uses only one Essential Cookie, which is called JSESSIONID: this cookie is destroyed at the end of a user's session, i.e. when a user logs out and leaves the site, or after 20 minutes of inactivity on a VerseOne CMS-powered site.

VerseOne CMS does not track users across sites, and JSESSIONID does not enable any functionality except the three items listed above.

JSESSIONID is an Essential Cookie — it is absolutely required for the operation of the solution and for the protection of users' data and security. For this reason, it cannot be switched off and users cannot opt out.

VerseOne CMS also uses VOPECRA, a long-term non-tracking cookie that is only placed on the user's browser if the user accepts cookies: VOPECRA is the cookie that remembers that the user has accepted cookies.

If the option is switched on, VerseOne CMS also uses KMLI, a medium-term non-tracking cookie that is only placed on the user's browser if the user selects the Remember Me login feature.

Finally, solutions hosted within VerseOne's high-availability Managed Cloud Services environment also use a session management cookie that maintains the user's context across multiple servers: this has the format TS0xxxxxxx.

So, by default, all sites hosted on VerseOne's environment will have JSESSIONID and TS0xxxxxxx. Depending on configuration and user choices, they may also see VOPECRA or KMLI.

VerseOne CMS Cookies
Name Duration Function Size
JSESSIONID Session Essential cookie for software functionality including session management for authentication, form submission validation, load-balancer configuration. Secured and does not track across websites (domain-specific). Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 44B
VOPECRA 'Permanent' (multi-year duration) Remembers that a user has accepted cookies from a specific VerseOne CMS-powered website, enabling cookies from GA and Code Droplets (where configured). Secured and does not track across websites (domain-specific). 8B
KMLI_FRONTEND Configurable duration Remembers the user so that they do not have to explicitly login to the CMS or front-end features. Secured and does not track across websites (domain-specific). Duration is configurable in VerseOne CMS (default is 2 weeks). 141B
TS0xxxxxxx Session Essential cookie for maintaining context across VerseOne 's multiple high-availability application servers and secure Web Application Firewall (WAF). Secured and does not track across websites (domain-specific).  Expires at explicit session end (i.e. explicit log out) or 20 minutes of inactivity. 116B

Third Party Cookies

Many organisations do legitimately seek information on how people use their websites and digital solutions, so that they can genuinely improve their service to their users — and VerseOne makes this possible through two mechanisms:

  • the ability to enter a Google Analytics (GA) ID at site level;
  • the ability to enter any other third party code (which may or may not include cookies) through the Code Droplets Module.

Google Analytics

Google Analytics Cookies

The NELFT website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyse how users use the site.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Links to other websites

The NELFT website contains links to other websites of interest. However, once you have used these links to leave this website, you should note that we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide while visiting such websites, and such websites are not governed by our privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. We recommend that you review the websites privacy policy as a precautionary measure. The trust does not endorse any external sites and is not responsible for their content.

Fair Processing Notice

NELFT (the Trust) processes information about you in order to provide health care services, and in doing so has to comply with the requirements of the Data Protection Act 2018.  This means that data held about you must only be used for specific purposes as defined by law.  This Fair Processing Notice has been created to inform you about the types of information held about you, why that information is held about you, and to whom that information may be shared.

Read our full Fair Processing Notice here: Fair Processing Notice 

Privacy - The Data Protection Act 2018

The Data Protection Act 2018

North East London Foundation Trust  is the Data Controller for this website under the Data Protection Act 2018.

We will process your data in accordance with the Data Protection Act and we have a legal duty to protect any information we collect from you.

The purpose of the privacy policy is to inform you as a user of the site about what information we collect when you visit the site and how we use that information.

We want you to feel secure when visiting the site. We are committed to respecting your privacy. We do not pass on your details to any third party or other government department.

If you have any questions in regards to your information and how it is used, please contact the Information Governance Team.

Email information.governance@nelft.nhs.uk, (IG@nelft.nhs.uk) or the Trust’s DPO (Data Protection Officer): Robert.paley@nelft.nhs.uk