Privacy policy

The terms ‘APPG on Online Safety on Social Media' or ‘APPG’ or 'All-Party Parliamentary Group on Online Safety on Social Media’ or 'us' or 'we' or ‘our’ refers to the owner of the website whose registered office is APPG on Online Safety on Social Media, UK Safer Internet Centre, Discovery House, Vision Park, Chivers Way, Histon, Cambridge, CB24 9ZR, UK. 

You (“you” or “your”) are the Data Subject and user or viewer of our web site.

We are the Data Controller of the personal data we collect about you.

We are the Data Controller of the personal data we collect about you.

This privacy notice explains the who, what, when, where and why with respect to your personal data we process. It covers the following:

• Our approach to personal data processing
• Data protection principles
• Our use of your personal data
• Other parties
• Transferring personal data outside of the UK
• Third-party links
• Your rights
• Security of your data
• Changes to this Privacy Notice
• How to make a complaint

Our Approach To Personal Data Processing

We really value the support we receive from the public, partners and stakeholders and we take your privacy seriously. We are fully committed to compliance with applicable data protection laws, and we keep up-to-date with legislation changes.

We will keep your personal data secure and confidential and will only use it for the purposes intended. At no time will we sell your personal data.

We may disclose your personal information to third parties if we are legally obliged to; or in order to enforce or apply our terms of use for our website or other agreements; or to protect the rights, property or safety of the APPG, our stkaeholders or others.

Data Protection Principles

In adhering to the GDPR we are committed to protecting Personal Data in accordance with the following:

• Data must be processed lawfully, fairly and in a transparent manner.
• Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Data processed must be adequate, relevant and limited to what is necessary.
• Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure data that are inaccurate, are erased or rectified without delay.
• Data must not be kept for longer than is necessary for the purposes for which the data are processed.
• Data must be processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.

Our Use of Your Personal Data

The Personal Data, as defined under the GDPR, which we process includes certain information which can be used to potentially identify you.

Although we do not currently collect and/or process Special Category (sensitive) Personal Data, should this change, we shall inform you and explain any further protections that we may implement.

The Personal Data we collect about you is as follows:

Other Parties

During our relationship with you and providing this website to you, we currently engage the following parties as Data Processors, all of whom we have assessed for their compliance with relevant data protection legislation:

Transferring Personal Data Outside Of the UK

Other than as set out above, we do not transfer Personal Data outside the United Kingdom (UK) if you are based within the UK.

If you are based outside of the UK, to provide our services which include contacting you, we shall be obliged to send the Personal Data outside of the UK.

Whenever we transfer Personal Data to a Data Processor or third-party outside of the UK, we have ensured that appropriate measures, as allowed for by the GDPR, are in place to continue the ongoing protection of the Personal Data.

Third-Party Links

Where we provide links to other websites that are not owned or managed by the IWF, clicking on those links may allow third parties to collect or share data about you. We do not control these websites and cannot be held responsible for the privacy of data collected by those sites.

You should consult each website’s respective Privacy Notice or policy if you have any concerns or would like further information.

Your Rights

You have the following rights under the GDPR, though some may not always apply depending upon the lawful basis of processing of the Personal Data, or other relevant circumstances:

• The right to be informed, which encompasses the obligation to provide transparency as to how your Personal Data will be used (this Privacy Notice);
• The right of access (DSAR or Data Subject Access Request);
• The right to rectification of data that is inaccurate or incomplete;
• The right to be forgotten under certain circumstances;
• The right to block or suppress processing of Personal Data;
• The right to object to automated decision-making and profiling (Note: the only activity we consider involves ‘automated decision-making’ is our collection of Cookies that can be either consented to or not depending on your preference. We do not do any ‘profiling’); and
• The right to data portability which allows you to obtain and reuse your Personal Data for your own purposes across different services under certain circumstances.

If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations and respond in the first instance within one month of receipt.

You may make a request by contacting us.

No administration fee will be charged for considering and / or complying with such a request unless the request is deemed to be excessive in nature. If a complex request is received, we may need to extend the period to a further two months to respond appropriately. We will inform you of the reasoning behind any extension.  

Security of Data

We are committed to taking steps to ensure that your Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.

We take any potential personal data breach seriously and will fully investigate it. As per the requirements of the GDPR, we will record all data breaches and report to the Information Commissioner’s Office (ICO) within 72 hours if we assess necessary.  If a data breach is assessed to be a high risk to data subjects, will contact you as soon as possible.

You can learn more about the obligations of organisations regarding personal data breaches on the ICO’s website .

Where we feel it necessary in the event of a breach, we may employ an independent consultant or advisor to investigate the matter on our behalf.

Changes to This Privacy Notice

We are committed to monitoring this policy and reserve the right to make changes to this Privacy Notice. Each time you visit our website we would encourage you to check that no changes have been made to any sections that are important to you.

This notice was last updated in September 2021.

How to Make a Complaint

We try to meet the highest standards when processing Personal Data. For this reason, we take any complaints we receive about our services seriously. We encourage you to bring any issues, in relation to data privacy, to our attention if you think that our processing of your Personal Data is unfair, misleading or inappropriate, by contacting us.

You have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO) if you believe your data has not been processed by the IWF in the stated way, or in accordance with relevant data protection legislation.

You can contact the ICO on their helpline – 0303 123 1113 or via their website – www.ico.org.uk.