|Scheduled review date:
|This policy will be reviewed annually or as per relevant legislation/guidance changes.
The purpose of this policy is to:
- Ensure that Merseycare Julie Ann (MCJA) follows the guidance of the Information Commissioners Office (ICO) in regard cookies and how the organisation uses them on its website.
To support MCJA in meeting the following Key Lines of Enquiry:
|Key Line of Enquiry (KLOE)
|W2: Does the governance framework ensure that responsibilities are clear, and that quality performance, risks and regulatory requirements are understood and managed?
To meet the legal requirements of the regulated activities that MCJA is registered to provide:
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- General Data Protection Regulation 2016
- Data Protection Act 2018
The scope of this policy may affect individuals and/or stakeholders directly or indirectly, both internally and external to MCJA, and may include:
- All staff
- Customers their carers, and family
- Advocates and/or Representatives
- Commissioners and/or Local Authorities
- External health professionals
The objectives of this policy are to:
- Ensure MCJA has established ways of working in terms of the use, storage, retention, and security of personal data and will ensure that all Data Subjects, including Customer, understand the ways in which personal data, collected by the organisation via its website, is processed.
To inform all other Data Subjects we will use the organisations Fair Processing Notice. The use of this notice informs our Customers and other Data Subjects about how we will process personal data other than personal data collected via the MCJA website.
MCJA will, therefore, update its processes for collecting consent for cookies. In practice, this means:
- Users must take a clear and positive action to consent to non-essential
- All MCJA websites and apps will clearly tell users what cookies will be set and what they do, including any third-party
- Pre-ticked boxes or any equivalents, such as sliders defaulted to “on”, will not be used for non- essential
- The user will have control over any non-essential
- Non-essential cookies will not be set on landing pages before MCJA gains the user’s consent.
Consent is not required for cookies that are defined as “strictly necessary” or that fall within the communication exemption. “Strictly necessary” cookies are those that are essential to providing the service requested by the user. Such cookies will be essential to fulfil their request. Those that are simply helpful or convenient, but not essential, or that are essential for the purposes of MCJA, will still require consent. The communication exemption is about the transmission of a communication over an electronic communications network. For the exemption to apply, the transmission of the communication must be impossible without the use of the cookie. Simply using a cookie to assist the communication is insufficient for the exemption to apply.
MCJA notes, in particular, that cookies used for analytical purposes or those used for marketing and advertising will always need consent as they are considered to be non-essential. Furthermore, MCJA understands that this guidance may change as the latest draft legislation is subject to some challenges on this point.
MCJA will refer to the ICO’s cookie guidance https://ico.org.uk/for- organisations/guide-to-pecr/cookies-and-similar-technologies/ to keep up to date on the types of cookies that require consent and changes that may arise.
Should MCJA have any concerns or queries in relation to the Privacy Statement, we will seek legal advice to ensure that the policy is compliant.
MCJA has in place a Fair Processing Notice to inform all other Data Subjects, including Customers, about how the organisation processes personal data other than personal data collected via the website.