go to proffesionals homepage
Concerned about a child? Act now

Thinkuknow.co.uk/professionals
Privacy Notice

We have a responsibility and are committed to keep all of your information safe. This notice, along with our terms of use and cookie policy, tells you how we collect, use and protect your personal data.

We do this by following the rules and guidance set out in the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 (DPA).

This website is run by the National Crime Agency’s CEOP Education team (NCA-CEOP). NCA-CEOP’s aim is to help protect children and young people from the threat of online child sexual abuse. This website is part of the NCA- CEOP Education programme, and is aimed at professionals working with children and young people.

Please note, this website is independent of the National Crime Agency website (www.nationalcrimeagency.gov.uk) which has a separate Privacy Notice.

Key Contacts

Data Controller

The Director General is the controller for any personal data processed by the NCA.

Data Protection Officer

The NCA’s Data Protection Officer is Richard Riley and he can be contacted via DPO@nca.gov.uk.

How to get in touch

The NCA’s Data Protection and Privacy team manage the NCA’s data protection compliance and can be contacted via DataProtection@nca.gov.uk.

This website is managed by the NCA-CEOP Education team who can be contacted via CEOPEducation@nca.gov.uk.

What information do we collect about you?

We collect, store and use personal data about you when you use this website.

Personal data is any information that can be used to identify you or another person. For example, basic personal details like your name and email address, or your IP address. (An IP address is the unique address that identifies a device on the internet).

1. For all users when browsing pages at thinkuknow.co.uk/professionals

We collect the following data:

Your browsing data. Whilst using this website we collect anonymous information about your browsing session to help us monitor and improve this website. The kind of data we collect includes the pages you visit on the website, the number of times you visit them, your operating system, the version of your web browser, the country you’re visiting from and any resources you download.

This may also include anonymous demographic data (for example, gender, age, location) held in your accounts if you have logged in to the web browser with an account. This information cannot identify you directly.

We collect and store this data using:

Google Analytics. We use a tool called Google Analytics to collect this data. All of the data is stored securely on Google’s servers. In order to track your browsing across sessions, Google Analytics will place a ‘cookie’ on your machine. A cookie is a small text file that websites use to track and remember information across several browsing sessions. These cookies are used to keep you logged in as you move around a site, provide content, and check website performance.

You can tell your web browser not to accept cookies if you don’t want your data to be collected in this way (refer to your web browser’s help file for more information).

For further details on Google Analytics, and the Google Analytics privacy policy, please visit the Google Analytics website.

You can read our Cookie Policy here.

We use this data to:

Monitor and improve our services. We use your information to monitor, develop and evaluate the impact of our CEOP Education resources, training and website and improve our services to you.

2. For users who register for and use an CEOP Education Network Member account.

In addition to the above, we collect the following data:

  • Personal information you give us. When you register for an account we require information to make sure you are eligible and so we can keep in contact with you through membership emails. This includes basic personal details (your name and date of birth) and your work details (your job title, sector, work email and organisation details).
  • Your browsing data. As well as the anonymous information about your browsing session outlined above, when you create a Network Member account, we will also collect information about when you log in to your account and any resources you download from the website.
  • Education and evaluation data you give us. As a Network Member we will ask you to give us information about any education resources you have used, including how many children and young people, parents and carers or other professionals have attended any education sessions you deliver.

Giving us this information is voluntary, and any data we publish will be anonymised unless you consent to be identified (for example, you want to provide a quote in support of our work).

We collect and store this data using:

  • Ensono. The personal information you give on the registration form is collected and stored by our website host provider Ensono, so you can easily log in and use the Network Member areas of the website. For further details on Ensono’s privacy policy, please visit www.ensono.com/privacy-policy
  • Salesforce. Salesforce is used to store your personal information and records of any education resources you download. Salesforce is sent this information from our website, and this helps us manage our Network Member database and membership communications. For further details on Salesforce’s privacy policy, please visit www.salesforce.com/uk/company/privacy
  • Mailchimp. Mailchimp is used to send you membership emails. Mailchimp is sent your contact information and membership status for you to be able to receive our emails. For further details on Mailchimp’s privacy policy, please visit www.mailchimp.com/legal

We keep your data for as long as your Network Member account is active. If you close your account we will delete all personal data except your name and email address. We keep your name and email address for 6 years, to make sure we do not contact you in future.

  • Survey Monkey. Survey Monkey is used to gather feedback directly from our Network Members about education resources they have used, our training and any membership improvements. For further details on Survey Monkey’s privacy policy, please visit www.surveymonkey.co.uk/mp/legal/privacy-basics

Personal data you share with us in Survey Monkey (this is usually your name and email address) will only be kept for as long as we need it for our purposes, and no longer than one year. You are not obliged to partake in surveys – it is entirely voluntary.

We use this data to:

  • Make sure you are eligible for an account. The information you provide helps us to check that you are eligible for an account. This means you should be over 18, and a professional working with children and young people, their parents and carers or other professionals at a recognised organisation in the UK.
  • Contact you. We use your information to send you membership emails, giving essential updates to help you deliver our CEOP Education resources and training effectively. They also highlight any resources or information related to the topic of online child sexual abuse or online safety education which may be of interest. We may also use your information tocontact you directly about your account.
  • Monitor and improve our services. We use your information to monitor, develop and evaluate the impact of our CEOP Education resources, training and website and improve our services to you.

3. CEOP Education Network Members who book onto CEOP Education training.

In addition to the above, we collect the following data:

Financial information. When you book on CEOP Education training we require you to give us financial information so you can pay for the training. This will include your organisation’s payment details (budget holder details, PO numbers and billing address).

We will never ask you for any bank account or payment details through our website. These details will only be asked for and shared via secure email communications, directly with the CEOP Education team or the NCA Finance team.

We collect and store this data using:

  • Salesforce. We use Salesforce to store your financial information.
  • National Crime Agency internal systems. Your financial information is shared with our internal Corporate Business Services Finance team, so they can process your payment.

We keep your data as long as your Network Member account is active. If you close your account we will delete all personal data except your name and email address. We keep your name and email address for 6 years, to make sure we do not contact you in future.

Our Corporate Business Services Finance Team will keep your financial information for 7 years.

We use this data to:

Organise and deliver training. By providing us with this information we are able to issue you with an invoice for payment. This invoice serves as a contract between the NCA and your organisation for services (the training) we provide you with.

4. CEOP Education Network Members who book onto a CEOP Education Ambassador training.

In addition to the above, we collect the following data:

  • Photographic ID. We require you to send us a scanned or photographed copy of photographic ID showing your date of birth. This information helps us to confirm your identity when you attend the CEOP Education Ambassador training.

We collect and store this data using:

  • National Crime Agency internal systems. Your information is collected and stored on our internal systems (email and file drives) and can only be accessed by the CEOP Education team.

We keep this data until you have attended a CEOP Education Ambassador training course. This data will be deleted one week after you have attended.

We use this data to:

  • To confirm your identity and eligibility. By booking onto a CEOP Education Ambassador training course, you are agreeing to become a CEOP Education Ambassador. The information you provide helps us to check who you are and confirm you are eligible to be a CEOP Education Ambassador.

5. CEOP Education Ambassadors

In addition to the above, we collect the following data:

  • Information you choose to publish on the Ambassador area of the website. We will collect and store any information you decide to share on the Ambassadors area of the website. This may include a profile picture, information about yourself and your experience, comments you post in the knowledge share area or messages you send to other Ambassadors.

This information can be removed or changed by you at any time and is only visible to other Ambassadors and the CEOP Education team.

We collect and store this information using:

  • Ensono and Salesforce. The information you give is collected and stored by our website hosting provider Ensono and on our membership database in Salesforce.

We keep your data as long as your Network Member account is active. If you close your account we will delete all personal data except your name and email address. We keep your name and email address for 6 years, to make sure we do not contact you in future.

We use this information to:

  • Support and improve our services. We use your information to support you in your role as a CEOP Education Ambassador. Your information helps us to develop and evaluate the impact of our CEOP Education resources, training and website and improve our services to you.
  • Monitor and moderate activity. We monitor the information you share to ensure it does not breach our terms of use or code of conduct.

Criminal convictions and/or involvement in criminal proceedings.

The NCA will periodically perform checks on all CEOP Education Ambassadors using the Police National Database. This helps us mitigate the risk of any Ambassador having engaged in or being at risk of engaging in child sexual abuse related activity. We will use the personal data you have given us to do this.

We do this in order to:

  • fulfil our statutory responsibility to safeguard and protect children and young people from sexual abuse
  • make sure members do not cause the NCA any reputational damage.

By agreeing to become a CEOP Education Ambassador, you give your consent for us to perform these checks.

If the Police National Database check identifies any relevant information about child sexual abuse criminal convictions or involvement in criminal proceedings, the CEOP Education team will be informed. We will contact you directly and suspend or terminate your account and your Ambassador role as a result of non-compliance with our code of conduct and terms of use.

The CEOP Education team will not be given any specific details of criminal convictions or involvement in criminal proceedings, only notification that they exist. This will be recorded as account suspended or terminated as a result of a breach of the code of conduct.

Your right to withdraw your agreement

You have the right to withdraw your agreement for us to collect, store and use your personal data at any time, by telling us to close your CEOP Education Network Member account.

To do so, email CEOPEducation@nca.gov.uk. This will be actioned within 5 working days.

How long do we keep your data?

We keep your data as long as your Network Member account is active. If you close your account we will delete all personal data except your name and email address and if you were a CEOP Education Ambassador. We keep this data for 6 years, after which is will be deleted from our records.

Our lawful basis for using your personal data

Data Protection law means we must have a reason or justification, also known as a ‘lawful basis’, to use any of your personal data:

Consent

This is where we've asked for your permission to use your personal data in a specific way, and you've agreed. For example, if we ask you if we can use your feedback publically.

Contract

We may collect and use your personal data as part of an agreement you have with us. For example, if you book onto any CEOP Education training.

Legitimate interests

Our legitimate interest is the delivery of our CEOP Education programme and services which aims to protect children and young people from online child sexual abuse. We do this through our education resources, training and our websites.

Your personal data means we can:

  • monitor and improve our programme and services
  • make sure the people using our programme and services are eligible
  • contact you
  • organise and deliver our training

Public Task

We may use collect and use your personal data to perform a specific task in the public interest that is set out in law. For example, using your data to check the Police National Database in order to fulfil our statutory responsibility to safeguard and protect children and young people from sexual abuse.

How do we keep your data secure?

We take the security of your personal data very seriously. We have internal policies, controls and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties. These measures meet the NCA and Government standards for information security.

We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our websites are protected. To keep your data secure we use the HTTPS format for all information exchange with you via the CEOP Education website.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.

Data Subject rights

Under the GDPR and Data Protection Act 2018 you have a number of rights that you can exercise in relation to the data we store and use about you.

  • Request access to your personal data (commonly known as a subject access request). You can ask for a copy of the personal data we hold about you and check that we have a lawful basis for using it and that it is accurate.
  • Request rectification of the personal data that we hold about you. This means you can have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This is when you ask us to delete or remove personal data where there is no lawful reason for us to continue to store or use it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) or where we are using your personal data for the performance of a task in the public interest and there is something about your situation which makes you want to object to us doing this.
  • Request the restriction of processing of your personal data. This enables you to ask us to stop storing or using personal data about you, for example if you want us to check its accuracy or the reason for processing it.

We sometimes need to request specific information from you to help us confirm your identity and make ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

The Information Commissioner’s Office’s guidance on each of the rights can be found here.

If you do want to exercise any of these rights then please contact the Statutory Disclosure Team at: StatutoryDisclosureTeam@nca.gov.uk

OR
Statutory Disclosure Team
PO Box 58345
London
NW1W 9JJ

Complaints and further queries

The NCA tries to meet the highest standards when processing your personal data. We take complaints very seriously. If you have any concern about the way we have handled your personal data, please bring it to our attention via the following means:

  • Submitting complaints to the Information Commissioner’s Office. Advice on how to contact them based on the nature of your concern is available at https://ico.org.uk/concerns/

    The ICO can be also be contacted via:
    The Information Commissioner’s Office,
    Wycliffe House,
    Wilmslow,
    Cheshire,
    SK9 5AF

    Telephone: 0303 123 1113
    Email: casework@ico.org.uk

Further information about this privacy notice

This privacy notice has been created to be easily understood and concise. As a result, it does not include exhaustive detail about what information we hold, every organisation we share data with, how the data is collected or how long the data is kept.

For further information, please contact the NCA’s Data Protection Officer via DPO@nca.gov.uk.

We keep our privacy notices under regular review. If we plan to use personal data in a different way than we have outlined we will update our privacy notice before we start any new processing.

Last updated: 31 March 2022