Phone human-readable description of the message we trying to accomplish. Search human-readable description of the message we trying to accomplish. Map pin human-readable description of the message we trying to accomplish.

IWF uses cookies to ensure we give you the best experience on our website. Find out more about cookies Hide

Privacy Notice

This privacy notice explains the who, what, when, where and why with respect to the personal data we process. It covers the following:

  1. Our approach to personal data processing
  2. The IWF Website
  3. Reports
  4. IWF Members and our Partnerships
  5. Communications
  6. Recruitment and employees
  7. Donations
  8. Your rights and personal data breaches
  9. Changes to this Privacy Notice
  • 1. Our approach to personal data processing

    We really value the support we receive from the public; our members, partners and stakeholders and we take your personal data privacy seriously. We are fully committed to compliance with applicable data protection laws and we keep up-to-date with legislation changes such as the introduction of the GDPR. 

    In processing child sexual abuse material for the fulfilment of our remit and to the extent that this is personal data, we are doing so for reasons of substantial public interest as a relevant self-regulatory authority which is recognised within the Memorandum of Understanding between the Crown Prosecution Service (CPS) and National Police Chief’s Council (NPCC). Further information can be provided on request.

    We are an ISO27001 accredited organisation which means our information security management system has been independently verified as meeting the high standards expected of ISO27001 certification. You can therefore be assured of the seriousness with which we take the security of your data.

    We will keep your personal data secure and confidential, and will only use it for the purposes intended. 

    We may disclose your personal information to third parties if we are legally obliged to; or in order to enforce or apply our terms of use for our website or other agreements; or to protect the rights, property or safety of the IWF, our donors or others. 

    Where we provide links to other websites that are not owned or managed by the IWF we cannot be held responsible for the privacy of data collected by those sites. You should consult each website’s respective Privacy Notice or policy if you have any concerns or would like further information.

  • 2. The IWF Website

    Our website is managed by Studio24 who are contractually bound to keep any personal data processed on our behalf via the website secure. You can find out more information about Studio24 on their website here

    We use Google Analytics to interpret our website’s traffic to ensure it is working in the best way possible and to allow us to continually improve the experience for users. 

    Any information gathered for this purpose is for internal use only and contains no personal information. The Internet Protocol (IP) address of the computer or other device you use to access the website is used to gather anonymised statistical data. It is not retained with a view to identifying you personally by either ourselves or Google Analytics. We have a legitimate interest in monitoring the use of our website which is for the purpose of continual improvement.

    You do however have the option to prevent Google Analytics from using your data. For more information on this please visit - https://tools.google.com/dlpage/gaoptout/

    For more information generally on how Google uses your data please visit - http://www.google.com/policies/privacy/partners/ 

    Our website is managed by Studio24 who are contractually bound to keep any personal data processed on our behalf via the website secure. You can find out more information about Studio24 on their website here.

    Cookie Policy

    What are Cookies and how do we use them?

    A cookie is a small text file that is sent to your computer's hard drive when you visit a website. A cookie typically contains the name of the website from which it has come, the lifespan of the cookie and a value. The value is usually a unique code that will only make sense to the website that has issued it. Cookies can also be used to measure how people use websites and what kind of browsers or devices they're using. 

    You can set your web browser to accept or reject cookies, or tell you when a cookie is being sent. You can also delete cookies from your computer. 

    The AboutCookies.org website tells you how to control and delete cookies on most browsers.

    How to control Cookies (AboutCookies.org, external website)

    How to delete Cookies (AboutCookies.org, external website)

    Website cookies

    When you visit our website, you'll see this notice 'IWF uses Cookies to ensure we give you the best experience on our website' with a 'Find out more about Cookies' link to this Privacy Notice. As above, you have the right to accept or reject those cookies. We are therefore relying on your consent as our lawful basis for using Cookies.

    We do not use Cookies to collect your personal data nor to pass that information to third parties without your permission. The following cookies are used on our website to help us improve the user experience.

     
    Name Description Expiration
    iwf_accepted_cookies A cookie to store whether the user has seen and dismissed the cookie notification shown at the top of every page 1 year
    seen-cookie-message Used to indicate you have seen the introductory cookie message and to hide it on subsequent visits 30 days
    Google Analytics cookies
     
    Name Description Expiration
    ga Used to distinguish different users on this website 2 years
    _gat Used to throttle request rate 30 minutes

    We also use Google Translate to provide a straightforward way for you to translate the page content into your own language.

     
    Name Description Expiration
    Googtrans Used to store your language preference Browser session

    Contacting us

    Complaints

    We provide two avenues for complaints – one related to general complaints, and one specifically with respect to content assessment appeals. Explanations of both are contained within the website at the Complaints page - https://www.iwf.org.uk/complaints

    With any complaint, the personal data provided by the complainant will be retained until such time as the complaint has been investigated and concluded – it will then be anonymised after 90 days. Be aware that if the same complainant sends a separate complaint subsequently, the 90 days begins again. 

    Again, this personal information will not be shared with third parties without the express written permission of the complainant and we’re relying on consent here as our lawful basis for processing any personal data provided to allow us to respond appropriately to the complaint.

    Feedback form

    If you have any comments regarding our website we provide a feedback form for this purpose. The details requested allow us to respond to you appropriately. We will not retain your personal data for longer than is necessary. We may retain the contents of the feedback to aid in the improvement of our website, however personal data will be anonymised.

    Contact form

    You can use our general contact form in which we request your name, an email address and a reason for your enquiry so that we can best direct it to the right recipient. As per our management of the feedback form, your details will not be retained for longer than is necessary to provide you with an appropriate response, and will be subsequently anonymised or disposed of.

  • 3. Reports

    We understand how distressing it can be to stumble across potentially illegal child sexual abuse material and are therefore extremely grateful for the reports we receive that help us in our work. We do recognise that reporters can be concerned about doing this.

    You can remain completely anonymous when reporting something you’ve stumbled across online.

    If you’d like to know what happened with your report however, then the minimum we need is your name and an email address so that we can send you a confirmation email with a unique reference number. You may also supply an organisation name if reporting on behalf of your company. By providing your contact details to us, you consent to us storing them for this purpose. Note you will be directed to this Privacy Notice before progressing to the submission of your report where you do so non-anonymously.

    If you do indeed choose to provide your details, they will be recorded in our reporting system for 90 days to allow for that communication. They will then be automatically deleted after those 90 days. 

    Be assured, your personal details would not be disclosed to third parties without your express written permission. However, in rare circumstances it may be necessary or advisable for us to disclose your details to the police or other international law enforcement agencies in order to assist them with enquiries they are pursuing or where not to do so would pose a potentially immediate risk of serious harm to a child or other person(s). In such cases we regard the disclosure to be either in the public interest, or as a legitimate interest for the purpose of preventing the spread of child sexual abuse material. 

    Reports received via our International Portals come directly into our UK-based reporting system. At no time are reports (nor reporter details) viewed or accessed by any persons outside of the UK.

  • 4. IWF Members and our Partnerships

    Members

    If your organisation chooses to join our Membership, our Membership team will be in touch to explain the details they’ll need from you that will be used to communicate with you in the delivery of your chosen services. Key to this for example will be the contact details (names, work numbers and work email addresses) of your designated team members so that we can successfully work together.

    In processing Member applications, we utilise Survey Monkey to collect relevant business information (see their privacy page for further information - https://www.surveymonkey.com/mp/policy/privacy-policy/ and we also use AdobeSign for the processing of subsequent contracts. 

    More information on AdobeSign can be found on their website here - https://www.adobe.com/uk/legal/terms.html  

    In processing this information with a view to forming a business relationship we’re initially processing the data with a legitimate interest. 

    We work with a number of organisations in this way to forge successful business partnerships. In working with any third parties we ensure robust due diligence is carried out, and formal arrangements are in place to ensure the security and confidentiality of any personal data that may be processed in working with them.

    If you require further information, you can contact our Membership team.

    Partnerships

    We work in partnership with a number of highly regarded, prestigious and varied organisations across the world to help us in our mission to eliminate child sexual abuse imagery online. Examples of the types of organisations we work with include; other NGOs, the internet industry, INHOPE – the International Associate of Internet Hotlines, Government and law enforcement agencies around the world.

    These partnerships come in many forms and are managed through a combination of formal agreements, legal contracts, initiatives and collaborations. Be assured that where personal data is processed in order to carry out any such partnership, it is done so securely and within the confines of the law. Further information on our partnerships can be found within our website.

    In working with organisations around the world we need to be sure data is not transferred outside the European Economic Area without appropriate controls being in place. In such a circumstance, we ensure relevant standard contractual clauses are in place and/or EU-US and Swiss-US Privacy Shield framework compliance or data adequacy status by the EU.

    NSPCC

    One of our partnerships is with the NSPCC and we highlight this relationship explicitly here to be clear about the data that is shared between us. We are the final step in Childline’s ‘Report Remove’ campaign. This allows children to use a secure app ‘YOTI’ to verify their age for the purpose of reporting illegal images of themselves that have been shared online, this report then comes through to us. At no time do we have access to the child nor their personal data. We are provided solely the confirmation we need in order to proceed with our blocking or removal of any illegal content found.

    The UK Safer Internet Centre

    The UK Safer Internet Centre is a partnership between the IWF, South West Grid for Learning (SWGfL) and Childnet. We provide a range of activities to promote the safe and responsible use of technology to children. The UK Safer Internet Centre has a dedicated website which is coordinated by the lead partner – SWGfL and you can find an updated Privacy Policy on that website. You can find out more about the partnership here.

    INHOPE

    We are a founder member of INHOPE, the International Association of Internet Hotlines. INHOPE brings together 51 hotlines in 45 countries worldwide. Within this membership we exchange information and experience. We utilise the ICCAM platform which enables efficient and secure processing of illegal content between hotlines. Further information about INHOPE can be found here and their Privacy Policy can be found on their website.

    For more information regarding our partnerships, do explore our website which has detailed pages on the various collaborations and partnerships we’re involved in.

  • 5. Communications

    We want to be sure that where we communicate directly with any of our stakeholders we do so with their full and clear consent. We will always aim to be transparent about why we’re contacting and the ways in which people can end that contact if they choose to. Our primary means of communicating to our interested parties and stakeholders is via regular newsletters and our social media feeds.

    Newsletters

    If you wish to receive our general newsletter you can subscribe at the bottom of our website’s homepage. This will require a name and email address and you will also be required to verify your email address before you’ll be added as a recipient. You can ask to be removed from this mailing list at any time via membership@iwf.org.uk or dpo@iwf.org.uk and this will be expeditiously actioned. 

    As newsletter recipients choose to receive this information, our lawful basis for processing personal data in this instance is consent.

    Our Members, International Partners and IWF Champions are also offered a tailored newsletter which they can also subscribe to, or unsubscribe from, at any time.

    Social Media

    We regularly post articles and news that we feel could be of interest via our social media feeds such as Facebook, Twitter, LinkedIn and YouTube. It is the responsibility of users of those sites to maintain their own personal privacy settings however, we would not share any post that uniquely identifies someone without their permission. As the controller of our social media sites we reserve the right to have abusive or offensive content by users blocked or removed and will report any such behaviour to the social network at hand.

  • 6. Recruitment and employees

    Applications

    If you choose to apply for a role with the IWF you will be asked to complete a standardised application form – we do not receive CVs or other formats of application.

    Within that application form you will be asked for your name and contact details. We will also ask for your prior experience, your education, referees and we'll ask you to answer specific questions regarding the role you're applying for. This information will be accessible to our recruitment team only at this stage. 

    We also ask you to provide equal opportunities information by way of a separate standardised form. You do not have to complete it if you do not wish to – it will not affect your application if you choose not to. The information recorded will not be made available to anyone outside of our recruitment team. Any information provided on that form is for the production and monitoring of anonymised equal opportunity statistics.

    Shortlisting and interviews

    The relevant hiring Manager(s) will shortlist candidates for interview based on the requirements of the role advertised. The Business Officer will be in touch with applicants to make arrangements for any interviews and to discuss the format that these may take. 

    Transparency regarding Hotline roles

    Roles that require access to the Hotline include an additional ‘personal interview’ with two counsellors and a controlled image viewing session with the Hotline Manager and usually the COO. These additional welfare measures are in place to assess the resilience of candidates and allows them time to reflect on whether the role is something they can undertake.

    The welfare of our staff is of paramount importance to us and those that have Hotline access have monthly counselling and an annual psychological assessment to support them in carrying out these roles.

    Offer stage

    Employment offers are subject to the following:

    • Provision of evidence of entitlement to work in the UK;
    • Reference checks;
    • Completion of a pre-medical questionnaire (see below);
    • Completion of an Enhanced DBS check.

    Pre-medical questionnaire

    Heales Medical provide our Occupational Health service. If we make you a conditional offer, we will ask that you complete a questionnaire which will help to determine if you are fit to undertake the work that you have been offered, or advise us if any adjustments are needed to the work environment or systems so that you may work effectively.

    They will contact you directly with the questionnaire which will take you to their website. The information you provide will be processed by Heales Medical who will provide us with a 'fit to work certificate' or a report with recommendations. You are able to request to see the report before it is sent to us. 
    Once the above has been satisfactorily completed an employment contract can be issued.

    Our lawful basis for processing the personal data involved in recruitment is for the purpose of entering into a contract. 

    Applicants can withdraw their application at any time and their information will be appropriately and securely disposed of in that case.

    Retention of personal data

    Personal information from unsuccessful candidates will be retained for a maximum of six months following closure of the job posting in case of queries after which time it will be appropriately and securely disposed of.

    We retain personal data with respect to our current employees to allow us to fulfil our requirements of their employment contract and relevant legal obligations. We also utilise the DBS update service to ensure the enhanced disclosure and barring service checks remain up to date for all employees – a condition of their contract.

    We retain data with respect to former employees for a period of six years following the end of their contract in case of reference requests. This information will subsequently be appropriately and securely disposed of. 

  • 7. Donations

    We utilise MyDonate which is operated by BT for the processing of any donations. The IWF does not have access to your credit / debit card information or bank details in this transaction. We do not publish the details of donators without their express written permission.

    Any donation cheques sent directly to us are forwarded to our bank for processing. We will always want to acknowledge receipt and thank anyone who chooses to aid our mission in this way. Where a donator has supplied contact details we will endeavour to reach out to them to thank them for their generosity which we constitute being a legitimate interest. We will not subsequently retain their personal data, unless they choose to subscribe to our newsletter or to receive other relevant updates about the organisation. 

  • 8. Your rights and personal data breaches

    If you wish to exercise any of your rights under GDPR to make a formal Data Subject Access Request (DSAR) please write to us at dpo@iwf.org.uk

    Your rights

    • Access to your personal information;
    • Objection to processing of your personal information;
    • Objection to automated decision-making and profiling (Note: the only activity we do that we consider involves 'automated decision-making' is our collection of Cookies that can be either consented to or not depending on your preference. We do not do any 'profiling');
    • Restriction of processing of your personal information;
    • Your personal data portability;
    • Rectification of your personal information; and 
    • Erasure of your personal information.

    If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations and respond in the first instance within one month of receipt. 

    No administration fee will be charged for considering and / or complying with such a request unless the request is deemed to be excessive in nature. If a complex request is received, we may need to extend the period to a further two months in order to respond appropriately. We will inform you of the reasoning behind any extension. 

    Upon successful verification of your identity you are entitled to obtain the following information about your own personal information:

    • The purposes of the collection, processing, use and storage of your personal data.
    • The source(s) of the personal information, if it was not obtained from you.
    • The categories of personal data stored about you.
    • The recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients.
    • The envisaged period of storage for your personal data or the rationale for determining the storage period.

    You can make the above request by emailing dpo@iwf.org.uk  or by writing to:

    Data Protection Officer 
    The Internet Watch Foundation
    Discovery House
    Vision Park
    Chivers Way
    Histon
    Cambridge
    CB24 9ZR

    We want to be sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

    You have the right to lodge a complaint directly with the Information Commissioner's
    Office (ICO) if you believe your data has not been processed by the IWF in the stated way, or in accordance with GDPR. 

    You can contact them on their helpline– 0303 123 1113 or via their website – www.ico.org.uk.

    Personal data breaches

    We take any suggestion of a personal data breach seriously and will fully investigate it. As per the requirements of GDPR, we will alert the ICO within 72 hours if we believe a breach has occurred, and depending on the circumstances, also contact those who may be impacted. 

    You can learn more about the obligations of organisations regarding personal data breaches on the ICO’s website here.

    Where we feel it necessary in the event of a breach, we may employ an independent consultant or advisor to investigate the matter on our behalf.

  • 9. Changes to this Privacy Notice

    We reserve the right to make changes to this Privacy Notice. Each time you visit our website we would encourage you to check that no changes have been made to any sections that are important to you. This notice was last updated in May 2018.

Report here