Thinkuknow.co.uk Privacy Notice

We sometimes need to process personal information about you so that we are able to perform our functions. This Privacy Notice explains how we look after your information.

Please read the following carefully to understand our practices regarding your personal data.

Note that the Thinkuknow website is independent of the National Crime Agency website and has a separate Privacy Notice.

This site contains links to and from other websites. This privacy policy applies only to this site, and doesn’t cover other government services and transactions that we link to.

Key Contacts

Personal data is any data that can be used to identify a living individual, on its own or in combination with other available information. References to names, identification numbers and location data would all be personal data. Processing means anything we do with the data and includes collecting, storing, and sharing.

Data Controller

The Director General is the controller for any personal data processed by the NCA. The DG’s office can be contacted here: nca.privateoffice@nca.x.gsi.gov.uk

Data Protection Officer

The Data Protection Officer is Donald Toon and the Data Protection Office can be contacted at DPO@nca.x.gsi.gov.uk.

The NCA’s Public Information Compliance Unit (PICU) manages the NCA’s data protection compliance and can be contacted at picu.enquiries@nca.x.gsi.gov.uk.

Thinkuknow Website Administrator

Thinkuknow.co.uk is managed by the CEOP Education team who are contactable on ceopeducation@nca.x.gsi.gov.uk.

Section 1: What information do we collect about you?

We collect certain data about you when you use this site. 

Please see below for details on the information we collect, why we need it, where it is stored and how long we keep it.

1)  All users when browsing pages at thinkuknow.co.uk

1a) The data we collect. There is automatic collection of:

- your IP address

- the browser you used

- cookies and Google page tagging data to tell us how you used the   site (e.g. which pages you visited and for how long)

- anonymous demographic data (e.g. gender, age) if held in your accounts with other services which are logged in to (e.g. an email account or social network profile). We will not identify you using this data.

1b) We need this data to:

- To learn how people use thinkuknow.co.uk, so we can develop and improve it.

- Please note that we will not (and will not allow any third party to) use Google Analytics to track, collect or upload any data that personally identifies an individual or any other data which can be reasonably linked to such information by Google.

1c) We keep this data:

- In the Thinkuknow Google Analytics account.

- For more information on how Google Analytics collects and processes anonymous data, click here.

1d) How long we keep this data:

- See our Cookies Policy for more details.

2)  Professionals who work with children and young people, and who register for and use a Thinkuknow account.

2a) The data we collect.

Upon registering, you will need to supply:

- Your name

- Details of your occupation and employer

- Your email address and phone number

- Information you submit within your training logs

- When you log in and which documents you download from thinkuknow.co.uk

- When you log in and which documents you download from thinkuknow.co.uk

2b) We need this data to:

- To check your eligibility for a Thinkuknow account, as an over-18 year old professional working at a recognised organisation.

- To contact you about your account or a matter related to Thinkuknow.

- To send you an email newsletter giving you essential updates to enable you to deliver Thinkuknow resources effectively. This also includes paid for training opportunities run by NCA-CEOP.

- To monitor, develop and evidence the impact of Thinkuknow training.

- To learn how people use thinkuknow.co.uk, so we can develop and improve it.

2c) We keep this data:

- In the Thinkuknow database (Salesforce).

- A copy of this database is stored by our website hosting provider Ensono.

- Names and email addresses only are stored by our mailout service (Mailchimp).

2d) How long we keep this data:

- As long as your account is active.

- See below for our policy on account deletion.

3)  Professionals who train as CEOP Ambassadors and use the Ambassador area of the Thinkuknow site

3a) The data we collect.

- Information you choose to publish on your optional Thinkuknow Ambassador Profile. You can remove or change this information at any time through 'My Account'.

- Your profile photo if you choose to add one.

- Any comments you choose to post in Knowledge Share.

- The above information is visible only to other Ambassadors and Thinkuknow admin.

- contact requests made to other Ambassadors within Peer Search.

3b) We need this data to:

- Enable you to network effectively with other Ambassadors.

- Understand your interests and specialisms so we can provide a better service.

- Monitor and moderate activity.

- Learn how Ambassadors use thinkuknow.co.uk, so we can develop and improve it.

3c) We keep this data:

- In a Salesforce database and the Ensono-hosted copy of the database. Names and email addresses are also stored by Mailchimp, as above.

3d) How long we keep this data:

- As long as your account is active.

- See below for our policy on account deletion.

Section 2: Why do we use your information? 

The information above sets out our purpose for processing each item of your information. We do not collect more data than we need to fulfil the purpose described under ‘Why we need it’ in Section 1.

Our lawful basis for processing each item of your personal information is Legitimate Interests. It is in the legitimate interests of the National Crime Agency to:

- Collect and keep contact details for you and a referee at your workplace when you register for a Thinkuknow account. This is to ensure that our resources are delivered safely and effectively by appropriate adults in appropriate settings, and to ensure that we can contact you about your account if we need to.

- Take measures to keep you, as a professional registered to deliver Thinkuknow resources on our behalf, up to date on new and emerging threats, new resources, tools and guidance, and development in policy and research, via an e-newsletter.

- Use data on the use of our website and figures reported back to us by Thinkuknow account holders in order to monitor and evaluate the effectiveness and reach of the Thinkuknow programme, and continuously develop and improve it in response.

There is significant wider societal benefit in the data processing measures detailed above as they are essential to the effective delivery and development of the Thinkuknow Programme, which reduces harm to children as a result of online child sexual abuse.

You can find more information on processing personal data on the basis of Legitimate Interests here.

Section 3: Right to withdraw your agreement

You have the right to withdraw your agreement to our processing your personal data at any time by instructing us to close your Thinkuknow account. To do so, email ceopeducation@nca.x.gsi.gov.uk. This will be actioned within 5 working days.

See below (‘How long do we keep your data?’) for details on our arrangements for deleting your personal information when your account is closed.

Section 4: How do we use your personal data?

As outlined within Section 1 above, we use your personal data to:

- Collect non-identifiable data which enables us to monitor, evaluate and develop our services

- Identify you and assess your eligibility for a Thinkuknow account

-  Contact you in relation to your account

- Send you the Thinkuknow e-newsletter

Section 5: How do we keep your data secure?

All security measures for the above processing arrangements meet the NCA and Government standards for information security.

To keep your data secure we use the HTTPS format for all information exchange with you via the Thinkuknow website.

Our third party providers Salesforce, MailChimp (The Rocket Science Group) and Ensono are all certified to the EU-US Privacy Shield Framework.

Section 6: How long do we keep your data?

We retain personal data submitted by Thinkuknow account holders for the duration that your account is active, and then for a further 6 years.

In the event that your account is closed we will delete all personal data except your name and email address, which we will continue to store in order to ensure we do not contact you in future. Your name and email address will be deleted from our records 6 years after account closure.

To enable us to monitor, evaluate and develop the Thinkuknow programme, on closure of your account we will continue to store records of activity on Thinkuknow.co.uk/professionals, which will no longer be attributed to your account. This comprises training logs shared, resources downloaded (all account holders) and any activity in Knowledge Share and Peer Search (Ambassadors only). This data will no longer be connected with your personal information.

Is my data subject to automated decision making or profiling?

Your data is not subject to automated decision making or profiling.

Section 7: Your rights as a data subject

Under the GDPR you have a number of rights that you can exercise in relation to the data we process about you. You have a right of access; rectification; erasure; restriction; portability; and objection. Further information about these rights can be found within the GDPR and on the Information Commissioner’s Office website: www.ico.org.uk

To exercise these rights please contact the Public Information Compliance Unit at:

PICU.enquiries@nca.x.gsi.gov.uk

OR

Public Information Compliance Unit

Units 1-6 Citadel Place,

Tinworth Street,

London, SE11 5EF

Section 8: Complaints and further queries

The NCA tries to meet the highest standards when processing personal data. We take complaints very seriously. If you have any concern about the way that we have handled your personal data please bring it to our attention via the following means:

DPO@nca.x.gsi.gov.uk or contact PICU.Enquiries@nca.x.gsi.gov.uk

You are also able to submit complaints to the Information Commissioner’s Office, advice on how to contact them based on the nature of your concern is available at https://ico.org.uk/concerns/.