Thinkuknow.co.uk Privacy Notice  

We (the National Crime Agency or “NCA”) sometimes need to process personal information about you so that we are able to perform our functions. This Privacy Notice explains how we collect and use your personal information in accordance with Data Protection Act 2018 and the GDPR. It only relates to processing of personal data for non-law enforcement  purposes not law enforcement purposes. Personal data processed for law enforcement purposes is covered by a separate privacy notice which can be found on the NCA’s website.

Please read the following carefully to understand our practices regarding your personal data.

Note that the Thinkuknow website is independent of the National Crime Agency website and has a separate Privacy Notice.

This site contains links to and from other websites. This privacy policy applies only to this site, and doesn’t cover other government services and transactions that we link to.

Personal data is any data that can be used to identify a living individual, on its own or in combination with other available information. References to names, identification numbers and location data are all personal data. Processing means anything we do with the data and includes collecting, storing, and sharing.

Key Contacts

Data Controller

The Director General is the controller for any personal data processed by the NCA.

Data Protection Officer

The NCA’s Data Protection Officer is Richard Riley and the Data Protection Office can be contacted via DPO@nca.gov.uk

The NCA’s Data Protection and Privacy team  manages the NCA’s data protection compliance.

Thinkuknow.co.uk is managed by the NCA-CSA Education team who are contactable on ceopeducation@nca.gov.uk.

What information do we collect about you?

We collect certain data about you when you use this site.

  1. For all users when browsing pages at thinkuknow.co.uk

There is automatic collection of:

  • your IP address
  • the browser you used
  • cookies and Google page tagging data to tell us how you used the   site (for example, which pages you visited and for how long)
  • anonymous demographic data (for example, gender, age) if held in your accounts with other services which are logged in to (for example, an email account or social network profile). We will not identify you using this data.

We need this data to:

  • To learn how people use thinkuknow.co.uk, so we can develop and improve it.

Please note that we will not (and will not allow any third party to) use Google Analytics to track, collect or upload any data that personally identifies an individual or any other data which can be reasonably linked to such information by Google.

We keep this data:

  • In the Thinkuknow Google Analytics account.

For more information on how Google Analytics collects and processes anonymous data, read Google’s privacy policy [LINK].

 How long do we keep this data?

  • See our Cookies Policy [LINK] for more details.

2. For professionals who work with children and young people, and who register for and use a Thinkuknow account.

Upon registering, you will need to supply:

  • Your name
  • Details of your occupation and employer
  • Your email address and phone number

When using your account we will collect:

  • Information you submit within your training logs

There is automatic collection of:

  • When you log in and which documents you download from thinkuknow.co.uk

It is important that the personal information we hold about you is accurate and up to date. Please tell us if your personal information changes whilst registered for a Thinkuknow account.

We need this data to:

  • check your ongoing eligibility for a Thinkuknow account, as an appropriate over-18 year old professional working at a recognised organisation and whose connection with and use of NCA materials will not bring the NCA into disrepute
  • contact you about your account or a matter related to the Thinkuknow education programme.
  • send you email communication giving you essential updates to enable you to deliver Thinkuknow resources effectively. This also includes paid for training opportunities run by NCA-CSA Education.
  • monitor, develop and evidence the impact of Thinkuknow education programme.
  • learn how people use thinkuknow.co.uk, so we can develop and improve it.

We keep this data:

  • In the Thinkuknow database hosted by Salesforce.
  • A copy of this database is stored by our website hosting provider Ensono.
  • A copy of this database is stored by our mailout service (Mailchimp).

How long do we keep this data?

  • As long as your account is active. Your name and email address will be kept for a further 6 years.

See below for our policy on account deletion.

3. Registered user who book onto the CEOP Introduction Course.

Upon booking, you will need to supply:

  • Your name
  • Details of your occupation and employer
  • Your email address and phone number

We need this data to:

  • Share with the CEOP Ambassador providing you with a product/service

We keep this data:

  • In the Thinkuknow database (Salesforce).

How long will we keep this data?

  • As long as your account is active in the Thinkuknow database hosted by Salesforce. Your name and email address will be kept for a further 6 years.

4. Registered users who book onto a CEOP Ambassador Course.

Upon booking, you will need to supply:

  • Your name
  • Details of your occupation and employer
  • Your email address and phone number
  • The budget holder/approver’s details including position, email address and telephone number
  • Billing address and contact details
  • PO number (if required)

During the booking process, you will need to supply:

  • A scanned/photograph copy of photographic ID showing date of birth
  • A letter from your employer confirming eligibility for the CEOP Ambassador Course

We need this data to:

  • Provide you with a service
  • To contact you, your employer and billing organisation about matters relating to your booking.
  • To check your eligibility to attend the CEOP Ambassador course, as an appropriate over-18 year old professional working at a recognised organisation and whose connection with and use of CEOP materials will not bring the NCA into disrepute.

We keep this data:

  • In the Thinkuknow database (Salesforce).

How long will we keep this data?

  • As long as your account is active in the Thinkuknow database (Salesforce). Your name and email address will be kept for a further 6 years.

5. Professionals who train as CEOP Ambassadors and use the Ambassador area of the Thinkuknow site

We collect the following data:

  • Information you choose to publish on your optional Thinkuknow       Ambassador Profile. You can remove or change this information at any time through 'My Account'.
  • Your profile photo if you choose to add one.
  • Any comments you choose to post in Knowledge Share.
  • The above information is visible only to other Ambassadors and Thinkuknow admin.
  • contact requests made to other Ambassadors within Peer Search.

We need this data to:

  • Enable you to network effectively with other Ambassadors.
  • Understand your interests and specialisms so we can provide a better service.
  • Monitor and moderate activity.
  • Learn how Ambassadors use thinkuknow.co.uk, so we can develop and improve it.

We keep this data:

  • In a Salesforce database and the Ensono-hosted copy of the database. The data is also stored by Mailchimp, as above.

How long do we keep this data?

  • As long as your account is active. Your name, email address, and record of ambassador status will be kept for a further 6 years.
  • See below for our policy on account deletion.

How do we use your information?

As outlined within Section 1 above, we use your personal data to:

  • Collect non-identifiable data which enables us to monitor, evaluate and develop our services
  • Identify you and assess your eligibility for a Thinkuknow account
  • Contact you in relation to your account
  • Send you regular email communication

Why do we use your information?

The information above sets out our purpose for processing each item of your information. We do not collect more data than we need to fulfil the purpose described under ‘Why we need it’ in Section 1.

Your right to withdraw your agreement

You have the right to withdraw your agreement to our processing your personal data at any time by instructing us to close your Thinkuknow account. To do so, email ceopeducation@nca.gov.uk. This will be actioned within 5 working days.

Where your data has been collected at the point of booking on a CEOP Introduction course, you should also contact the CEOP ambassador running the course to withdraw your agreement.  The CEOP ambassador will be subject to their own data protection policies.

Where your personal data has been processed

See below (‘How long do we keep your data?’) for details on our arrangements for deleting your personal information when your account is closed.

How do we process your data lawfully?

Our lawful basis for processing each item of your personal information is Legitimate Interests. It is in the legitimate interests of the National Crime Agency to:

  • collect and keep contact details for you and your employer when you register for a Thinkuknow account. This is to ensure that our resources are delivered safely and effectively, by appropriate adults in appropriate settings, whose connection with the NCA will not cause us disrepute. It also ensures that we can contact you or your employer about your account if we need to.  We reserve the right to verify your identification details to ensure that you are an appropriate adult. 
  • take measures to keep you, as a professional registered to deliver Thinkuknow resources on our behalf, up to date on new and emerging threats, new resources, tools and guidance, and development in policy and research, via regular email communication.
  • use data on the use of our website and figures reported back to us by Thinkuknow account holders in order to monitor and evaluate the effectiveness and reach of the Thinkuknow programme, and continuously develop and improve it in response.

There is significant wider societal benefit in the data processing measures detailed above as they are essential to the effective delivery and development of the Thinkuknow Programme, which reduces harm to children as a result of online child sexual abuse.

You can find more information on processing personal data on the basis of Legitimate Interests here.

Our lawful basis for processing data related to booking onto a CEOP Introduction course is performance of a contract.

By booking onto a CEOP Ambassador Course, we process your personal data as a part of an agreement you have with us to provide a service.

You can find more information on processing personal data on the basis of Contract here

How do we keep your data secure?

All security measures for the above processing arrangements meet the NCA and Government standards for information security.

To keep your data secure we use the HTTPS format for all information exchange with you via the Thinkuknow website.

Where we transfer personal data outside of the UK, including any subsequent sharing of this data, we ensure that the conditions laid down in Data Protection Legislation are complied with.

How long do we keep your data?

We retain personal data submitted by Thinkuknow account holders for the duration that your account is active, and then for a further 6 years.

In the event that your account is closed we will delete all personal data except your name and email address, which we will continue to store in order to ensure we do not contact you in future. It is also in our interest to keep a record of your ambassador status. Your name, email address, and record of ambassador status if applicable, will be deleted from our records 6 years after account closure.

To enable us to monitor, evaluate and develop the Thinkuknow programme, on closure of your account we will continue to store records of activity on Thinkuknow.co.uk/professionals, which will no longer be attributed to your account. This comprises training logs shared, resources downloaded (all account holders) and any activity in Knowledge Share and Peer Search (Ambassadors only). This data will no longer be connected with your personal information.

Is my data subject to automated decision making or profiling?

Your data is not subject to automated decision making or profiling.

Data Subject rights

Under the GDPR and data protection legislation you have a number of rights that you can exercise in relation to the data we process about you. Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a subject access request). This enables you to receive a copy of the personal information we hold about you and check that we are lawfully processing it and that it is accurate.
  • Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no lawful reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) or where we are processing your personal information for the performance of a task in the public interest and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under the law to charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances.

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Further information about these rights can be found within the GDPR and on the Information Commissioner’s Office website: www.ico.org.uk

To exercise any of these rights please contact the Statutory Disclosure Team at: StatutoryDisclosureTeam@nca.gov.uk

OR

Statutory Disclosure Team

PO Box 58345

London

NW1W 9JJ

Complaints and further queries:

The NCA tries to meet the highest standards when processing your personal data. We take complaints very seriously. If you have any concern about the way that we have handled your personal data please bring it to our attention via the following means:

You are also able to submit complaints to the Information Commissioner’s Office, advice on how to contact them based on the nature of your concern is available at https://ico.org.uk/concerns/

The ICO can be contacted via:

The Information Commissioner’s Office,

Wycliffe House,

Wilmslow,

Cheshire,

SK9 5AF

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Further information about this privacy notice

This privacy notice has been created to be easily understood and concise. As a result, it does not include exhaustive detail about what information we hold,

every organisation we share data with, how the data is collected or how long the data is kept. For further information please contact the NCA’s Data Protection Officer via DPO@nca.gov.uk. 

We keep our privacy notices under regular review. If we plan to use personal data in a different way than we have outlined then we will update our privacy notice before we start any new processing.