Privacy Policy

Our contact details:

Data Protection Officer (DPO): Sarah McSweeney

Address: Community Health Partnerships Limited, Suite 12b, Manchester One, 53 Portland Street, Manchester, M1 3LD


Phone number: 0161 509 3340

CHP’s Privacy Policy ensures there are adequate safeguards in place for the data the Company holds on its customers and ensures this information is used appropriately.

Personal data

Community Health Partnerships often holds information relating to its customers which identifies individuals. This is considered to be personal data. Community Health Partnerships will not collect any personally identifiable information about you (i.e. your name, address, telephone number or email address) unless you provide it to us voluntarily.

The types of personal data processed will vary depending on the data we require in order to deliver the requested service. We may need to process both ‘personal data’ as defined in Section 3(2) of the Data Protection Act 2018 and or ‘special category personal data’ as defined in Article 9(1) GDPR.

Data subject: an individual such as yourself

Data controller: an organisation who decides how data is used.

Data processor: an organisation or person who processes data on a data controller’s behalf.

Processing: how we use your data, including storing, sharing, and deleting data.

Type of personal information we collect

We currently collect and process the following information (not an exhaustive list):

  • Name
  • Address
  • Email address
  • Phone number
  • Financial information
  • Job titles
  • ID numbers

Personal data can take many different forms and all data is assessed on a case-by-case basis to determine whether the information is considered personal data.

Special category data

Some categories of personal data are considered highly sensitive and require enhanced management. Special category data includes:

  • Racial or ethnic origin
  • Religious beliefs
  • Trade union membership
  • Physical or mental health
  • Sexual orientation
  • Criminal data

All special category information is handled diligently and is stored with appropriate safeguards to ensure the data is managed safely.

Legal basis for processing data

CHP is an NHS Company working in partnership with local health and care systems to provide innovative and sustainable spaces for patient care. All personal data is processed to enable us to deliver these services to our customers.

We can process your personal data if we meet one or more of the following legal reasons as set out in data protection legislation (article 6):

  • to fulfil a contract
  • to comply with a legal requirement
  • if a task is carried out in the public interest
  • to carry out our core business functions
  • to protect your vital interests
  • to protect your life (e.g. emergency medical care)
  • we have your consent

Legitimate interests: We may use personal data on the basis for our own- or third-party legitimate interests. This can include the use of employee data, fraud prevention, intra-group transfers, IT security, or disclosing criminal acts to authorities, but this is not an exhaustive list.

Legal obligations: certain statutory obligations require us to process personal data and, in some circumstances, to provide it to third parties, such as law enforcement.  Where such obligations arise, we will, insofar as is possible without breaching any other duty we owe to those services, advise you of our intention to process your data for their purposes. Under anti-money laundering legislation, we are required to verify the identity of individuals and companies and the beneficial owners of organisations and trusts prior to commencing our services.

We maintain a register of all data processing in accordance with the law. This includes the legal basis for all data processing decisions.

Duration of Processing

We will process personal data for so long as you instruct us to do so and in accordance with our professional, legal and statutory rights and / or obligations. 

Personal data we collect are managed in accordance with our Data Retention Policy which reflects current legal obligations.  Retention periods for personal data vary and can be requested from Community Health Partnerships as a Freedom of Information request.

Protecting your data

We protect your personal data by:

  • using systems that have appropriate technical measures
  • ensuring all suppliers have adequate data processing
  • regularly testing our IT systems
  • only giving authorised staff access to your data
  • regularly training our staff to develop their data protection and data handling knowledge
  • following clear and transparent processes
  • regularly reviewing our processes and data handling practices
  • regularly deleting data that is no longer needed in line with CHP’s Record Management Policy and Data Protection Policy.

Use of Data Processors

As part of our service delivery it is necessary for us to use processors.

Our IT is largely provided by parties external to Community Health Partnerships.  Some solutions we utilise are cloud based and our need to rely upon those systems varies depending upon the services we deliver to you.

We also use a number of ancillary service providers in the delivery of our services to our customers.  All ancillary service providers are contracted to provide at least the same level of protection for personal data as we do. 

All Community Health Partnership’s processors are contractually prohibited from using an individual’s personal data for their own purposes.

Right of Access to Data

Under data protection legislation, you have the right to copies of the personal data which we hold about you. Under this right, you can request copies of your data we hold including any records and emails.

Under this right, we will tell you:

  • the name of the record
  • where we obtained your personal data from
  • how long we keep your personal data for
  • categories of personal data
  • the reason we hold your personal data

If you submit a request for your information, we have one calendar month to comply.  However, in certain situations this can be extended by an additional two months, and we will inform you if it is applicable.

We always aim to provide you with copies of your data, but some records may be withheld in part or in full. This may be because:

  • it constitutes legal advice
  • it would affect our positions in negotiations
  • it would adversely affect the rights and freedoms of other people

If information cannot be released, we will inform you of this. Requesting copies of your personal information (subject access request) is free of charge and can be made by contacting the Data Protection Officer.

Right to Rectification and Amending data errors

The right of rectification provides you with the opportunity to tell us if any of the data we hold on you is incorrect.  Under this right, we can amend information that is factually incorrect such as:

  • names
  • addresses
  • email addresses


However, some records cannot be changed if we maintain that they are still correct.  This includes where we have substantial evidence that the information is correct. However, where this is the case, we will make a comment on the case file which reflects your objection.

To apply your right of rectification, please contact the Data Protection Officer.

Right to Erasure and Deletion

Data protection legislation gives you the right to ask for your data to be deleted. This is called the right of erasure. This right is not just an ‘opt-out’ of you receiving a service.  It is a request for all information we hold on you to be deleted from our systems.

This is not an absolute right and can only be applied if certain conditions are met. 

You can apply the right of erasure if one of the following applies:

  • it is no longer necessary for the purpose it was collected or processed
  • we were processing under consent (and you’ve withdrawn consent)
  • if you object to the processing and there are no legitimate grounds for the processing
  • if we are legally required to delete the information
  • if the information has been collected for information society services

Right to the Restriction of Processing

The right of restriction is where you tell us to stop using your personal data.  This is not an absolute right and can only be used when one of the following applies:

  • you do not believe that the personal data we hold is accurate and we are verifying the accuracy
  • we did not have a legal reason to use your personal data
  • we no longer need the data, but you want us to keep it to establish, exercise or defend a legal claim
  • you have used your right of objection and we are considering our legitimate grounds


If you apply your right of restriction, we will store your personal information securely.  Once restricted, we can only use your personal information if:

  • we have your consent
  • there is a legal claim
  • need to protect the rights of others
  • there is a significant public interest to process

Please be aware that if you restrict our processing, this may cause serious delays and have a high impact on the service that we can provide for you.

Right to data portability

You have the right to have copies of personal data that we hold about you transferred from us to you or another provider in a machine-readable format. This is not an absolute right and can be used in very limited scenarios. 

You can only apply this right if we are processing for one of the following:

  • you have given us your consent
  • it is necessary to fulfil a contract with you

In addition, the data must be:

  • automated (this includes decisions exclusively made by computers)
  • not held in a paper file
  • provided by you

Right to Object to us Processing your Data

You have the right to object to us using your personal data if us processing your data is having a harmful and detrimental effect on your personal situation. 

This is not an absolute right and can only be applied if:

  • we are processing your data because it is in the public interest
  • or there is a legitimate interest to process your data which:
    • override your interests, rights and freedoms
    • or to establish, exercise or defend legal claims.


Profiling is where decisions are made about you based on certain pieces of your personal information. This could be things such as your age, gender or ethnicity. This is not an exhaustive list, and profiling could happen with any factor relating to personal data.  If we are using your personal data to profile you, we will tell you and inform you of your rights.  We will never profile you without your knowledge and will always explain any decision that is made.

Our Data Protection Officer

Data protection legislation requires certain organisations to appoint a Data Protection Officer (DPO).  We aren’t required to appoint a DPO under the UK GDPR but we have decided to do so voluntarily.

The role of the DPO is to:

  • inform and advise us of our data protection processing obligations
  • to monitor our data protection compliance
  • to monitor our data protection policies
  • to assign data protection responsibilities
  • to raise data protection awareness
  • to ensure staff are trained in data protection
  • to audit or facilitate and audit of the organisation
  • to provide advice on and monitor data protection impact assessments
  • to liaise and cooperate with the Information Commissioner’s Office (ICO)
  • to act as a single point of contact for the ICO
Our Data Protection Officer can be contacted by:


Telephone: 0161 509 3340

Address: Community Health Partnerships Limited, Suite 12b, Manchester One, 53 Portland Street, Manchester, M1 3LD

Information Commissioner's Office

Community Health Partnerships is registered as a data controller with the Information Commissioner’s Office (ICO).  

Our registration number is: Z8638965

For independent advice about data protection, privacy and data sharing issues, you can contact the ICO on their website. You can also call them on 0303 123 1113.

You have the right to lodge a complaint to the ICO if you remain unhappy with how we have handled:

  • your personal data
  • your data subject request (e.g. access)
  • a data breach

Please note that the ICO will not normally look into a decision or a case until this has been reviewed by our Data Protection Officer.  If you wish to raise a complaint, please contact the DPO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

ICO website:

Our Website

Given that the Internet is a global environment, using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Our website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of our website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyse trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Our website also uses cookies. It does not track users when they cross to third party websites, does not provide targeted advertising to them, and therefore does not respond to Do Not Track (DNT) signals.

By browsing this website and communicating electronically with us, you acknowledge and agree to our processing of personal data in this way.

Use of cookies by this website

Cookies are pieces of data that a Web site transfers to a user’s hard drive for record-keeping purposes. The Site uses cookies to aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. We may also use cookies in association with e-mails delivered by us.

Our Site also captures limited information (such as user-agent, HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our Site; we may use this information to analyse general traffic patterns and to perform routine system maintenance. We also use performance cookies that track patterns of use on the website to understand user’s needs, without collecting any personal identifiable information about you. This information is used to monitor and improve the functionality of our website only.

You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies, please consult the privacy features in your browser.

This website uses Google Analytics, a web analytics service provided by Google, LLC. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. If we ask you for other personal information, we will explain what it is for.

Social media

We offer content on our website related to the work we do. We also provide the ability for you to push this content into your social media feeds.  This means you may find yourself on our website or reading an email from us, and we will offer you a link to another organisation’s website. If you click on these links, we are not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.

We do not share this information with any third party other than to store the information in our cloud-hosted databases which are predominantly based in the UK.

Personal Information Promise

CHP has signed-up to the Personal Information Promise.

Updated: February 2024

Skip to content