Privacy Policy

The Online Crime Prevention Team (“OCPT”) is firmly committed to upholding the highest standards of data protection, confidentiality, and information governance. We collect, store, and process personal data strictly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. All personal information submitted to OCPT is processed lawfully, fairly, and transparently, and is utilised solely for purposes connected to the assessment of reports, the conduct of online safety and cyber-enabled criminal investigations, the provision of safeguarding assistance, and the operational improvement of our services. OCPT will always obtain clear, explicit, and informed consent prior to the recording of any voice-call or video-call interview; no such recording will take place without the data subject’s express agreement. OCPT does not sell, distribute, or otherwise disclose personal data to external parties, except where required to do so by law or when cooperating with recognised law enforcement authorities under a legitimate and lawful basis. By engaging with our services, you acknowledge that your personal data may be processed in accordance with the provisions set out within this Privacy Policy.

What data do we collect?

OCPT may collect and process a range of personal and technical data in the course of providing its services. The categories of data we may collect include, but are not limited to, the following:

1. Personal Identification Information

Such as your full name, date of birth, postal address, email address, telephone number, and any other information that enables us to verify your identity.

2. Digital and Online Identifiers

Including usernames, social media profiles, IP addresses, device identifiers, and other metadata associated with online accounts relevant to an investigation or safeguarding enquiry.

3. Communication Records

This may include written correspondence, emails, digital messages, screenshots, chat logs, and, where explicit consent has been obtained, recordings or transcripts of voice-call or video-call interviews.

4. Incident and Report Information

Details relating to online harm, suspicious activity, potential criminal conduct, safeguarding concerns, or other information voluntarily submitted to OCPT during the reporting process.

5. Technical and Usage Data 

Information automatically collected when accessing our website or online systems, including browser type, operating system, access times, referring URLs, and other analytical data used to maintain system integrity and improve service performance.

6. Supporting Evidence

OCPT may receive documentation, digital media, files, or other materials voluntarily provided by individuals to assist with an investigation, safeguarding action, or risk assessment. However, OCPT will not accept, store, or review any material that constitutes, or may constitute, Child Sexual Abuse Material (CSAM). Individuals are strictly prohibited from capturing, downloading, forwarding, or screenshotting indecent images of children, as doing so is itself a criminal offence under the Protection of Children Act 1978 and related legislation. If OCPT receives a report indicating the existence of CSAM, or if an individual attempts to provide such material (including screenshots, screen recordings, or any derivative copies), we may immediately escalate the matter to the appropriate law enforcement authority without further internal investigation and without notifying the reporting party. This is necessary to comply with legal obligations, safeguard victims, and prevent unlawful possession or distribution of illegal content.

How we use your data

OCPT processes personal data solely for purposes directly connected to our safeguarding and online crime prevention functions. This includes assessing reports submitted through our platforms, conducting preliminary information evaluations, identifying potential risks to individuals, and, where appropriate, referring matters to recognised law enforcement or statutory safeguarding agencies. Personal data may also be used to support internal case management, maintain investigative records, and enhance the operational integrity and effectiveness of our services.

All personal data collected by OCPT is securely stored within a controlled-access database environment. This database is hosted on a private, local server (“localhost”), specifically to minimise exposure to external networks and to significantly reduce the risk of unauthorised access or data breaches. It is not accessible via the public internet, and access to this database is strictly limited to no more than three senior members of OCPT who have been designated as authorised data custodians. These individuals are subject to confidentiality requirements, internal oversight, and access logging procedures to ensure accountability and proper data handling.

OCPT does not use personal data for marketing, profiling, automated decision-making, or any purpose unrelated to safeguarding, digital safety, or the lawful prevention of harm. Data is processed only to the extent necessary to fulfil our operational responsibilities, comply with statutory duties, or protect individuals from credible online threats.

Data retention & Storage

OCPT retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, in accordance with the storage limitation principle set out under the UK General Data Protection Regulation (UK GDPR). Unless otherwise stated, personal data held by OCPT in connection with a report, safeguarding enquiry, or online crime prevention activity is retained for a period of up to three (3) years from the date a case is closed. This retention period enables OCPT to address recurring patterns of behaviour, respond to follow-up enquiries, provide evidential continuity where required, and ensure operational accountability.

At the end of the three-year retention period, all personal data relating to the case will be securely deleted, anonymised, or irreversibly destroyed, unless there is a compelling lawful basis to retain it for longer. OCPT may extend the retention period where:

• The matter has been escalated to recognised law enforcement or statutory safeguarding agencies;

• The information forms part of an ongoing investigation, legal process, or evidential record; or

• OCPT is subject to a legal, safeguarding, or regulatory obligation to preserve such data.

OCPT does not retain Child Sexual Abuse Material (CSAM) under any circumstances. Should information indicate the existence of such material, or where a report includes evidence relating to CSAM, the matter may be immediately escalated to the appropriate law enforcement authority. In these circumstances, OCPT may retain only the metadata or contextual information necessary to demonstrate that the referral occurred, and no copies of illegal material will be stored, reviewed, or analysed by OCPT.All personal data retained by OCPT is stored within a secure, controlled-access database hosted on a private local server (“localhost”), not accessible via the public internet. Access to this system is restricted to a maximum of three authorised senior members of OCPT, who are bound by confidentiality obligations and subject to internal audit and oversight. Appropriate technical and organisational measures are implemented to protect all data against loss, misuse, unauthorised access, alteration, or disclosure.