Search

Privacy & Cookies Policy

How Bristol Community Health uses your Personal Information and protects your privacy

Please note that Bristol Community Health (BCH) is the Data Controller of your personal data. The principles set out in this Privacy Notice (“Notice”) apply to all instances in which we process your personal data as a Data Controller.

The Purpose of this Document

As a Data Controller we are responsible for deciding how we collect, hold and use Personal Information about you before, during and after your working relationship with us. We are required under data protection legislation to notify you of the information contained in this Notice.

This Notice applies to current and former employees, workers (including Bank), contractors and applicants. If you are an applicant and are seeking further information please contact the BCH Recruitment Team.

This Notice tells you why we need your Personal Information, how we use it and what protections are in place to keep it secure in accordance with the General Data Protection Regulation (GDPR). It is important that you read this Notice, together with any other privacy notice we may provide on occasions when we are collecting or processing Personal Information about you, so that you are aware of how and why we are using such information. This Notice does not form part of any contract of employment or contract to provide services and we may update this notice at any time.

Key Terms used throughout this Document

Term Meaning
“BCH” “we” and “us” Bristol Community Health CIC
“You” Prospective, present and past employees, contractors, applicants, bank workers, and agency staff and people connected to them (such

as the person you nominate to contact in an emergency).

“Data Controller” A person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are or are to be processed
“Data Processor” In relation to personal data any person (other than an employee of the Data Controller) who processes the data on behalf of the Data

Controller

“GDPR” The General Data Protection Regulation EU 2016/679
“Notice” This Privacy Notice
“Personal Information”or “Personal Data” Information and data about you and from which you could be identified
“Sensitive Personal Information” or “Sensitive Personal Data” Information and data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, information concerning health or concerning your sexual orientation.

The Data Protection Principles that we must comply with

The GDPR sets out principles with which Data Controllers and Data Processors must comply when processing Personal Information. As a Data Controller we are required to comply with data protection law and principles, which state that the information we hold about you must be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about;
  • Kept securely by us including where we share it with third parties;
  • Made accessible to you and communicated to you how to exercise your rights in relation to it.

Information we collect and hold about you depending on your relationship with us

You will enter into a relationship with us if (1) you apply to work for us or with us, in which case, you will go through our recruitment process or (2) you work with us as an employee or a contractor. How we collect and use information about you in either case is set out in more detail below.

As defined above, Personal Information or Personal Data means any information about an individual from which that person can be identified. It does not include data or information where the identity has been removed (anonymous data). Sensitive Personal Information or Sensitive Personal Data covers special categories of data about an individual which requires a higher level of protection.

We will collect store and use various categories of Personal Information and Sensitive Personal Information about you depending upon the status of your relationship with us. Details on this are listed at Tables 1, 2 and 3 below.

Privacy at Bristol Community Health

We are committed to protecting your Personal Information and to being transparent about what information we hold. We understand our obligations to help you understand how and why we process your personal data. This Notice tells you about these uses and should be read in conjunction with our Information Governance Policy. It is our policy to:

  • Process your Personal Information fairly and in accordance with applicable laws;
  • Tell you (either directly or in our policies) about how we will use your Personal Information;
  • Only collect Personal Information from you when we need it for legitimate purposes, or legal reasons;
  • Ensure that your Personal Information is adequate, relevant and not excessive for the purpose for which we collect it;
  • Not keep your Personal Information for longer than we need to;
  • Keep your Personal Information secure, and limit the people who can access it;
  • Ensure that you know how to access your Personal Information and exercise your rights in relation to it, including being able to keep it accurate and up-to-date; and
  • Ensure that any third parties we share your Personal Information with take appropriate steps to protect it.

During the Recruitment Process with Us

We will collect Personal Information throughout the recruitment process to determine your suitability to work for us. The information we collect will include the following:

Collecting your Personal Information as part of your application: when you apply for a job with us (whether you already work for us or not), you will be asked to provide Personal Information to support your application and to enable us to determine your eligibility and suitability to work for us. This will include the Personal Information we need to enable us to select the right candidate for the role, and may include things such as past employment details, educational qualifications and skills. We may collect such information directly from you or sometimes through an employment or recruitment agency or background check provider or other third parties.

Pre-employment checks: if you are successful at the recruitment stage we will verify that you meet the preconditions of the role you applied for. There are six NHS Employment Check Standards that outline the type and level of checks we must carry out before recruiting staff into a role. Full details are available on the NHS Employers website at www.nhsemployers.org/your- workforce/recruit/employment-checks

If you are successful in the employment process any Personal Information provided to us may then form part of your HR record which we would hold.

If you are unsuccessful we will keep this information for 12 months from the end of the recruitment process before confidentially destroying it.

During your Employment with Us

We will collect additional Personal Information throughout the period that you work for us. We will use your Personal Information to manage our employment relationship with you for the purposes notified below:

To administer your pay and any associated contractual benefits: we use your bank details and national insurance number (or similar) so that we can make salary payments and pension deductions, pay tax and national insurance contributions. We may share your Personal  Information with external service providers who manage these functions on our behalf under relevant contracts.

To manage other aspects of your employment relationship with us: the Personal Information we collect and use for this purpose will include (or be included in) information about your performance at work (e.g. reviews, records of your training and other compliance requirements), workforce management, succession or other forecasting information, information about absence history including sickness absence, requests for unpaid leave, accident at work records, Occupational Health reports, accident reports and notes of management meetings.

To process employment or work related claims: including grievances, personal injury and compensation claims.

To contact you or your nominated contact in the case of an emergency: we will ask you to provide us with home telephone numbers, mobile numbers and the names of people we can contact in an emergency. Where you nominate a contact for emergencies (e.g. a friend or relative) please ensure you advise them of this arrangement and where applicable, get their consent.

To administer Your Occupational Pension: we collect and use your Personal Information so that we can administer your pension or any other ongoing entitlements once you have stopped working for us. We may share your Personal Information with external service providers who manage these functions on our behalf under relevant contracts.

Our Contact Directory

Your work contact details will be publicly available via the staff directory. This will include name, job title, work address, email address and telephone number. This information may be shared with colleagues, third party organisations and/or members of the public.

The Legal Basis for Processing your Personal Information under the GDPR

We will only use your Personal Information when the law allows us to. The legal basis for processing your Personal Information falls into the following categories:

  • Contractual necessity – processing is necessary for the performance of a contract we have entered into with you or to take steps at your request prior to entering into a contract;
  • Legal obligation – processing is necessary for compliance with a legal obligation to which we (the Data Controller) are subject to;
  • Legitimate interests – where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your Personal Information in the following situations, which are likely to be rare:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest.

Sensitive Personal Information requires higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Information. We may process Sensitive Personal Information in the following circumstances:

  1. In limited circumstances, with your explicit written consent;
  2. Where we need to carry out our legal obligations or exercise rights in connection with employment;
  3. Where it is needed in the public interest, such as for equal opportunities monitoring.

Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

In the limited circumstances, where the Act permits us to collect and process Sensitive Personal Information without requiring your explicit consent:

  • We will process data about your health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to Occupational Health, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without your knowledge and consent.
  • Save in exceptional circumstances, we will process data about your racial and ethnic origin, sexual orientation or religious beliefs only where you have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies.
  • We will process data about any criminal convictions you may have if it is appropriate given the nature of the role and where we are legally able to do so.

On the occasions where we seek your consent to process Sensitive Personal Information this may take the form of questionnaires, surveys and reporting to national bodies about the diversity of our organisation. In such situations we will seek your explicit consent. Having given your consent, if you later wish to withdraw your consent please contact HR.

Tables 1 – 3 below set out the information we hold about you and the legal basis for processing your Personal Information and your Sensitive Personal Information. Some of the grounds we use for processing will overlap and there may be several grounds which legally justify our use of your Personal Information and your Sensitive Personal Information.

Disclosures to third party service providers and organisations

We use third party organisations as Data Processors to carry out certain administrative functions on our behalf. In such situations, a written contract will be put in place to ensure that any personal data disclosed will be held in accordance with the GDPR and the Data Protection Act. The organisations we use are set out in Table 4. This table may be updated from time to time.

We may, from time to time, make other disclosures without your consent. However, these will always be made in accordance with the provisions of the GDPR and the Data Protection Act and your interests will be considered at all times.

In some circumstances we are required to provide your personal data to third parties due to a legal or statutory obligation on us. This includes (but is not limited to) providing information to the HMRC, the Department for Work and Pensions, Child Maintenance Service, local authorities and the Police. Disclosures will only be made in response to a written request. Your data may also be disclosed to third party organisations in the event of a transfer to another employer. Such situations will be managed under the Transfer of Undertakings and Protection of Employment legislation (TUPE) and you will be fully consulted this.

How we protect your Personal Information

We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your Personal Information. You are required to help with this by ensuring that your own Personal Information and that of your colleagues and third parties are kept secure. You should not share your (or anybody else’s) Personal Information unless there is a genuine business reason for doing so.

We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that any Personal Information we hold on computer systems is not accessed by anyone it shouldn’t be. All staff are required to undertake Information Governance training on a regular basis. Details of these measures are available upon request.

When we use third party organisations to process information on our behalf we ask them to demonstrate their compliance with our security requirements and with data protection legislation throughout the time they work for us. These organisations take their instructions from us and their obligations with regard to what information they process and what they can do with it are agreed in the contracts we have with them.

Using your Personal Information for security purposes

Monitoring the use of communications: we will provide you with communication facilities and equipment including email, telephones and access to the internet for business use. Your use of these communications services and facilities must be appropriate. We may block access to certain sites, and may monitor, record and analyse your usage of the communications services and facilities that we provide to you in connection with your role with us. If you work in one of our patient call handling services we may record calls for training and quality purposes.

CCTV: we do not own any CCTV equipment, however, certain locations and buildings used by us in the normal course of our business may use CCTV to enhance the security of property and to protect the people who work at those sites. CCTV will be monitored for security reasons, for evidence of misuse or where there are grounds for suspecting a criminal or serious disciplinary offence has been committed.

Prevention and detection of crime: in the rare event that we have reasonable grounds for suspecting criminal activity or that another serious disciplinary offence has been committed, we

may carry out monitoring without the individual being aware that it is taking place. Any such monitoring may involve any of the above electronic, video or audio systems or use of any other information we may lawfully have about the individual. Such monitoring is only used as part of a specific investigation and must first be authorised by the Director of HR or the Director of Finance.

If you fail to provide Personal Information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as paying you), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Using your information for specific purposes

We will only use your Personal Information or Sensitive Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data retention

We will only retain your Personal Information and your Sensitive Personal Information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Information and Sensitive Personal Information, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker or contractor of BCH we will retain and securely destroy your Personal Information in accordance with our data retention policy and applicable laws and regulations.

Your rights of access, correction, erasure and restriction

It is important that the Personal Information and Sensitive Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information or Sensitive Personal Information changes during your working relationship with us. If you want to review, verify, correct or request erasure of your information, object to the processing of your data, or request that we transfer a copy of your information to another party, please contact HR in writing.

Under certain circumstances, by law you have the right to:

  • Request access to your information (known as a “data subject access request”). This enables you to receive a copy of the information we hold about you and to check that we are lawfully processing it.
  • Request correction of the information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your information. This enables you to ask us to delete or remove information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your information where you have exercised your right to object to processing.
  • Object to processing of your information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your information for direct marketing purposes.
  • Request the restriction of processing of your information. This enables you to ask us to suspend the processing of information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your information to another party.

You will not normally have to pay a fee to access your Personal Information and your Sensitive Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may also need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Information and your Sensitive Personal Information is not disclosed to any person who has no right to receive it.

Your right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Information or your Sensitive Personal Information for a specific purpose, you have the right to withdraw your consent at any time. To withdraw your consent, please contact the BCH HR Department. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

The BCH Data Protection Officer

The Chief Informatics Officer fulfils the role of Data Protection Officer (DPO) for us. The DPO is responsible for overseeing compliance with this Notice. If you have any questions about this Notice or how we handle your Personal Information, please contact the DPO by:

Writing to the Chief Informatics Officer, BCH, 6th Floor, South Plaza, Marlborough Street, Bristol, BS1 3NX;Calling 0117 456 8757; or Emailing: briscomhealth.dpo@nhs.net

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Information.

Our identity and contact details

We are registered with the Information Commissioner’s Office for the processing of personal data. You can contact the HR or Recruitment team by:

Writing to HR or Recruitment, BCH, 6th Floor, South Plaza, Marlborough Street, Bristol, BS1 3NX; Calling 0117 440 9010 for HR or 0117 440 9270 for Recruitment; orEmailing briscomhealth.askhr@nhs.net for HR or briscomhealth.jobs@nhs.net for Recruitment

Table 1: During the recruitment process with Bristol Community Health

Type of information Why Basis for processing
About you: Name, address, date of birth, preferred language To assess your suitability to work for BCH;
To perform applicant management activities;
In order to comply with legal obligations
To contact you: Name, address, telephone and e-mail
To perform precision matching to job vacancies; For performance of the employment contract
To identify you: Photographs, license detail passport To conduct screening, assessments and interviews; The legitimate interests of the controller or third party, where applicable
About your suitability to work for us: Interview notes, work visas ID information such as passport details and driving licence information To maintain a library of correspondence; To    make   offers   and    provide   contracts   of employment; and
About your skills, knowledge, experience and employment history: CVs, and/or application forms, records of qualifications, skills, training and other compliance requirements. Any other purpose in the legitimate interest of BCH.
Monitoring information: Marital status, nationality, race, gender, religion, details of any disabilities To perform equality and diversity analysis; To comply with our two tick standard (for disabilities.
Your explicit consent.

Table 2: During the pre-employment process with Bristol Community Health

Type of information Why Basis for processing
As provided during the recruitment stage To conduct pre-employment checks (incl. determining your legal right to work and carrying out criminal record checks); In order to comply with legal obligations
About your employment history: References, training history To ensure you are fit and able to carry out the role and/or to determine if reasonable adjustments are required;
To assess your suitability to work for BCH;
For performance of the employment contract
About any criminal convictions: DBS checks (if applicable) declaration form To meet the NHS pre-employment check standards; The legitimate interests of the controller or third party, where applicable
About your right to work: Work   visas   ID   information such passport details To make offers and provide contracts of employment;
About your identity: Passport details, address details To perform equality and diversity analysis; and
About your professional registration: Professional registration, qualifications and English language competency (if applicable) Any other purpose in the legitimate interest of BCH.
About your health: Occupational health checks, information about workplace adjustments, next of kin
About any protected characteristics: Race / ethnicity, beliefs / religious, sexual orientation, disability Your explicit consent

Table 3: During your employment with Bristol Community Health

Type of information Why Basis for processing
As provided during the recruitment stage and pre-employment checks Paying your salary to you;
Staffing including resource planning, recruitment,
In order to comply with legal obligations
About your terms of employment with BCH: Letters of offer and acceptance of employment, your employment contract. Budgetary  and financial  planning and administration; For performance of the employment contract
That we need to pay you: Bank account details, national insurance number Organisational planning and development and workforce management; The legitimate interests of the controller or third party, where
applicable
That we need to provide you with benefits and other entitlements:
Length of service, health information, sickness absence, leave requests (maternity, paternity, adoption, shared parental, annual etc)
Payroll, and benefit planning and administration, including salary, tax and pensions;  
Workforce development, education, training and certification;
Relating to your performance at work: Performance ratings, targets, objectives, records of performance reviews, records and/or notes of 1 to 1s and other meetings, personal development plans, personal improvement plans, correspondence and reports, information about your use of our information and communications systems Performance management;  
Problem resolution, including conducting internal reviews, grievances, investigations, audits;  

Business travel and expense management;
To conduct business reporting and analytics   
Administration of flexible work arrangements;


Work-related injury and illness, including the management of employee Health & Safety, and disabilities;
Relating to discipline, grievance and other employment related
processes: Meeting notes or recordings, correspondence, outcome letters, details relating to trades union membership
To provide HR support and case management;   
To communicate with you and to facilitate communication between you and other people;
Relating to your work travel and expenses: Bank account details, home address, work address, driving licence, vehicle details, MOT and insurance details. Risk management;   
Project Management; 
Training and quality purposes;
elating to your continued suitability to work for us: Professional registration details, DBS checks, Visa / right to work checks To update and enhance our records;  
Monitor absence and sickness records in accordance with HR policy;
About your sickness absence and fitness to work: Fit notes, reasons for absence, dates of absence, Occupational Health and other medical reports, reasonable adjustments Access to, and security of,systems and buildings; and any other purpose in the legitimate interest of BCH.

Table 4: Disclosures to external organisations / bodies

Who What Why
Basis for processing

Absence management provider
(e.g. FirstCare)
Name, date of birth, organisational details (i.e. start date, team, line manager etc), sickness absence reasons and details To monitor absence and sickness records in accordance with HR policy For performance of  the employment contract
 
Legitimate interests of BCH
Pension Provider (e.g. NHS Pensions or Scottish Widows) Name, address, date of birth, pay details, contact details To ensure you pay the correct contribution into your pension

So your pension provider can contact you about your pension details
In order to comply with legal obligations
Payroll provider (e.g. SBS) Full personal details, bank details, pay details To ensure you are paid correctly
For performance of the employment contract
 
In order to comply with legal obligations
ESR Full personal details, bank details, pay details, job details, employment history, employment checks To ensure we are able to pay you

To be able to contact you
For performance of the employment contract

Legitimate interests of BCH

In order to comply with legal obligations
Occupational Health provider All staff – name, date of birthFor staff who undergo an occupational health referral – medical history, contact details, job details To set you up with an Occupational Health record and store information about immunisation status

To provide us with information about your health situation with an aim to provide recommend adjustments / support
For performance of the employment contract

Your consent

Staff Survey providers (e.g. SurveyMonkey) Name, work email address So you can provide u with your experiences of working for BCH Legitimate interests of BCH
 
Your consent (should you complete the questionnaire)
Employee Benefits
provider (e.g. ComputerShare)
Name, work email address. Once you have consented – we will provide them with your employment details (pay, hours of work etc) So you are able to access a full range of benefits Legitimate interests of BCH

Your consent
Government departments and other UK agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, collection of a tax or duty, or safeguarding national security (includes HMRC, Work and Pensions, Home Office and the Police). In order to meet statutory requirements and in the public interest (with consideration of your rights and freedoms). In order to comply with legal obligations
Professional bodies (e.g. NMC, HCPC etc) Name, address, organisational details (job title,     start date etc), details of any investigation and outcomes In order to meet statutory requirements and in the public   interest (with consideration of your rights and freedoms).
Potential employers whom you have approached Name, employment details, pay details For the purposes of confirming your employment with us Your consent
Letting agencies / building societies
Name, employment details, pay details For the purposes of confirming your employment with us Your consent
NHS EnglandInformation about any protected characteristics Workforce Race Equality Standard (WRES)

To improve the experience of Black and Minority Ethnic (BME) staff in the workplace;

To monitor training and promotional opportunities.
Your consent
 
For monitoring equality of opportunity

Legitimate interests of BCH

Cookies policy

What are Cookies?

A cookie is a very small piece of information that a website stores to save and collect basic information. Many cookies are essential to the operation of our website. Cookies on our site are also used to customise certain areas of content just for you, and to make your browsing experience more efficient and faster.

How we use Cookies

We use cookies to understand how people use our websites and to help us to make your experience of our website better. Some of them are essential for our websites to work properly and some allow us to understand more about how users use the website so we can improve it. We use cookies to enable the following:

WORDPRESS

wordpress_test_cookie 

Used by WordPress to inform the system whether or not cookies are enabled

Category 1: Strictly necessary

GOOGLE ANALYTICS

We use a program called Google Analytics, which in turn uses cookies to help us find out how many people visit our website, which pages and parts are most popular, how long people spend in each area and what information people are searching for. All this insight helps us to understand how we can improve our websites. The site gathers metrics on visit origin, page access, link following and page views which are shared with Google Analytics in order to provide a better service.

_gat_gtag_

Cookie name: _gat
Category: 4 – Statistics
Purpose: Used by Google Analytics to throttle request rate.
Length of time: Session.

_ga

Category: 4 – Statistics
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Length of time: 2 years.

_gid

Category: 4 – Statistics
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Length of time: Session.

YOUTUBE

GPS

PREF

VISITOR_INFO1_LIVE

YSC

These cookie store your preferences and other information, in particular preferred language, how many search results you wish to be shown on your page, and whether or not you wish to have Google’s SafeSearch filter turned on. They are also used to measure bandwidth in order to provide the best playback service.

Category 2: Performance cookies

PERSONALISATION

We use a number of services provided by Google, such as Google Analytics and YouTube, which in turn use cookies in order to improve the user experience and to add insight into how people interact with our content.

If you are logged in to your Google account on your web browser a number of additional cookies will be set to associate your actions and the content you view with your user account.

The “CONSENT” cookie tracks whether you have granted consent to Google to track your user actions.

Cookie name: APISID, CONSENT, HSID, LOGIN_INFO, SAPISID, SIDCC, SID, SSID

WORDFENCE

These cookies are used to help prevent malicious attacks and exploits from gaining access to the site. The last cookie is used to determine that a human – not a script – is accessing the content.

wf_loginalerted_(hash)

What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.

Who gets this cookie: This is only set for administrators.

How this cookie helps: This cookie helps site owners know whether there has been an admin login from a new device or location.

wfwaf-authcookie-(hash)

What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.

Who gets this cookie: This is only set for users that are able to log into WordPress.

How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wfCBLBypass

What it does: Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.

Who gets this cookie: When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.

How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.

Category 3: Functionality cookies

How can I manage my cookies and where can I find more information?

If you don’t want us to use cookies in your web browser, you can remove them from your computer or change your browser settings so that it either blocks cookies altogether or asks you if you’d like to accept them from some websites. As we mentioned earlier, some of our cookies are essential for our websites to work properly.

If we change our cookie policy it will be updated on this page.