Staff Privacy Notice
How CornhillCare handles your personal data on this platform
Last updated: May 2026
1. Who we are
CornhillCare operates this internal staff training and compliance platform for employees of The Cornhill Group Service Ltd, registered in England and Wales. We are regulated by the Care Quality Commission (CQC).
2. What personal data we hold about you
- Your name and username
- Your job title, role and employment start date
- Your training completion records and certification expiry dates
- Your Care Certificate progress and uploaded evidence
- Your policy acknowledgement records
- A log of your activity on this platform (audit trail)
- Any security incident reports you submit
- Your account status and login history
3. Why we collect and use your data
- To manage and evidence your training and compliance as required by the CQC
- To track your Care Certificate progress and induction completion
- To maintain a legally required audit trail of compliance activity
- To communicate compliance reminders and announcements to you
4. Legal basis for processing
We process your personal data under the following lawful bases under UK GDPR:
- Article 6(1)(c) — Legal obligation: as a CQC regulated care provider we are required to maintain training and compliance records
- Article 6(1)(b) — Contract: processing necessary for your employment contract
- Article 9(2)(b) — Employment law obligations for any health-related data
5. How long we keep your data
Your training and compliance records are retained for a minimum of 7 years following the end of your employment, in line with CQC requirements and care sector best practice. Audit logs are retained permanently as required by our regulator. Your account will be deactivated when you leave but your records will be retained for the required period.
6. Who has access to your data
Your compliance data is accessible to your line manager, service manager, and director. It is not shared with third parties except where required by law or our regulator.
7. Where your data is stored
All data is stored on servers located in the United Kingdom in compliance with UK GDPR data residency requirements.
8. Cookies
This platform uses strictly necessary cookies only:
- Session cookie: keeps you securely logged in during your session. Deleted when you sign out or close your browser.
- Security cookie: protects against cross-site request forgery attacks.
No tracking, advertising or analytics cookies are used. No cookie consent banner is required.
9. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request erasure (where legally permitted — note retention obligations may apply)
- Object to processing
- Request restriction of processing
To exercise any of these rights, contact your manager or system administrator.
10. Changes to this notice
We may update this notice from time to time. The current version will always be available at this page.
11. Contact
For data protection queries contact your system administrator or manager.
© 2026 CornhillCare. All rights reserved.