SWGfL Privacy Policy

Our full privacy policy is below, or read our child friendly version

Child Friendly Version

Who we are

We are South West Grid for Learning. In this policy we may call ourselves “SWGfL", "SWG" or "the Grid", Our address is: South West Grid For Learning Trust Ltd, Belvedere House, Woodwater Park, Pynes Hill, Exeter EX2 5WS.  

South West Grid for Learning are a charitable trust company registered in England, Scotland and Wales. Company Number: 5589479, Charity numbers: (England and Wales – 1120354, Scotland – SC051351), VAT Reg. Number 880 861 88. SWGfL has been an organisation in special consultative status with the United Nations Economic and Social Council since 2025.

We are the Data Controller for personal information covered by this Policy. We also provide services to Schools and others where we act as a Data Processor not a Data Controller. Our data processing terms apply to these services.

Our Commitment to your Privacy

South West Grid for Learning work hard to protect and respect your privacy. Our Privacy Notice sets out how and why we process your personal information. If you don't understand anything set out here, you can also contact privacy@swgfl.org.uk for more information.

What type of personal information do we process and what do we use it for

We use your personal information to achieve our charitable purposes by promoting our work and delivering services which benefit the public. This includes running helplines for the general public.

To promote our work, we may use personal information for the purposes of sending you email updates, organise events and to help our websites to function properly. You can read more about these purposes below.

Communicating with you about our services

When you provide us with an email address or telephone number, we may use these to communicate with you in order to allow us to provide our services to you.

When you sign up to get emails from us about our services, we may ask you for the following information: Your name; email address; and sometimes business information about your organisation and role. We may also collect this information as part of your subscription to our mailing lists. When you sign up to a mailing list with us you are consenting to receiving relevant email updates. If you no longer want our emails, you may withdraw your consent by using the ‘unsubscribe’ links which can be found at the bottom of all of our emails.

Our emails may, from time to time, contain links to and from the websites of third parties. We are not responsible for these other websites, and you should read their privacy policies if you want to understand how they process your information.

Running Events

When you attend one of our events, we may collect your name; your email address; your postal address; business information about your organisation and role and sometimes payment information.

We will collect this information as part of your confirmation of attending an event and on the legal basis that we are fulfilling a contract with you to provide access to the event.

We use this personal data to organise and administer the event. This includes, for example, sharing the names of attendees to venues we are using.

We may use external platforms to manage some of our events such as Eventbrite, for this. When you are a speaker, presenter or sponsor at our events we may publish your details on communication platforms, websites and social media as part of the promotion of that event.

Managing our Website(s) and Web based Services

When you use certain elements of our website(s), we may collect: Your name; your email address; IP address; your postal address; business information about your organisation and role; and payment information. We will collect this information as part of your registration on our website/s or when you purchase something from us or use our services.

We will use this information for the following purposes to fulfil our legitimate business interests in:

  • managing the operation of our websites and in order to allow you to create an account, access and use the services we provide.
  • charging you for goods or services we offer
  • keeping our website and other IT systems secure so that we can prevent other people from accessing your personal information.
  • delivering appropriate and accurate content to you and your device from within the website(s).
  • notifying you of changes to our services, and to provide you with support in using our services.
  • providing support in using our website(s), we may keep records of such contact.

We may also use this information to carry out our obligations arising from any contracts entered into between you and us.

Our websites are:

  1. The SWGfL website (swgfl.org.uk).
  2. The 360 family websites (360Groups, 360Earlyyears, 360safe, 360safecymru, 360safescotland, 360digicymru, eSafe School, CyberSecure, Computing Quality Framework)
  3. The Online Safety BOOST website (boost.swgfl.org.uk).
  4. The Whisper website (swgflwhisper.org.uk).
  5. The SWGfL Store (swgflstore.com).
  6. The Revenge Porn Helpline website (revengepornhelpline.org.uk).
  7. The Reporting Harmful Content website (reportharmfulcontent.com).
  8. The Test Filtering website (testfiltering.com).
  9. ProjectEvolve (projectevolve.co.uk).
  10. The Hacking Hate website (hackinghate.eu)
  11. Assisted Monitoring Service

Our websites may, from time to time, contain links to and from the websites of third parties. Please check the privacy policies of these websites before you submit any personal data to these websites.

Cookies

Our website(s) place cookies on your computer. For more details about how our Cookies process your personal information, please see our Cookie Notice.

Running our Helplines

Our Helpline services are the Revenge Porn Helpline and Report Harmful Content Helplines, our helpline services are available by telephone, email, letter and chatbot.

You will also find links to the Professional Online Safety Helpline (POSH) on our website.  This is not covered by this privacy policy but is covered by its own policy which contains details of the Data Controllers for these helplines.  You can read that policy here Privacy Policy - UK Safer Internet Centre

Our helpline staff are trained to protect your confidentiality and some information that could be used to identify you is stored on our central systems and can be accessed by Helpline staff and sometimes by designated Safeguarding Officers. The following information may be recorded by our staff:

  • a unique Id which identifies you
  • your phone number (if contact is by phone)
  • your email address (if contact is by email)
  • your postal address (if contact is by written letter)
  • IP address (if contact is by chatbot)
  • Images or URLs (web addresses) for images (where you provide us with images which may identify you or others) which you are reporting to us or which you want removed from the internet
  • Caller ID
  • Time & date of call
  • Caller gender (if given)
  • Ethnicity (if given)
  • Caller age (if given)
  • Contact type (i.e., by phone, letter, email, chatbot)
  • Your location data
  • Information about your concerns and how you want us to help you
  • We also record some statistical information on each contact we receive, to report on and improve our service.

Training, Quality control

Helpline staff may from time-to-time record or listen in to the information you provide during a call for training, quality, and support.

Safeguarding

We take your confidentiality very seriously and will only consider speaking to someone else if we are really worried about what you have told us and believe someone is at risk of serious harm.

If you provide us with personal information about yourself or another person which causes us concern or makes us worry about your safety or the safety of others, we may consult a Safeguarding Officer who we have appointed about the best way to keep yourself safe. Sometimes our Safeguarding Officer will suggest we need to tell someone else what you’ve told us to be able to help you. This may be the case, for example, if you are a Child or Adult who is at risk (for example, you have additional health or care needs which prevent you from protecting yourself). Where you have shared information with us which identifies a child or adult at risk of suffering abuse or harm, we may contact the relevant services or agencies.  

Research and statistics

We may use any of the information we collect during the provision of our services for research purposes. The information you provide to us is not used to report on specific people for these purposes, but we may use it for such purposes where we can do this without identifying you. We may share this information with research organisations or other parties with similar aims to ours where promotes our charitable purpose.

Improving our Services

We may use personal information, including information you share with us when using our services to improve our services including using data to train Artificial Intelligence to help us target and deliver our services more effectively.

StopNCII and your images

StopNCII.org is a free tool designed to support victims of Non-Consensual Intimate Image (NCII) abuse from having their intimate photos shared online. The tool works by generating a hash from your intimate image(s)/video(s) on your phone. Image hashing is the process of using an algorithm to convert an image into a string of characters, or hash that does not identify you. Hashing is one-way using PDQ or MD5 for video.

Duplicate copies of the image all have the exact same hash value. StopNCII.org shares the hash with participating companies so they can help detect and remove the images shared online. Learn more about the tool and participating companies.

We process this information to fulfil your request(s) to remove your hashed image(s) from social media services and other information society services, your personal data will be shared by us with those services which may be outside the United Kingdom.

If you choose to withdraw your consent to processing of any hashed images, we will erase your hashes from our systems and instruct industry partners to do so too. Please be aware, however, that once industry partners become aware of a hash which violates their policies, they reserve the right to continue removing that content.

Whisper

Whisper is an anonymous reporting service that we provide for schools to use. You can read more about Whisper here.

SWGfL processes contact data provided outside of the messages sent using Whisper. We process this information in order to give functionality to the Whisper service.

We process other data (which may be personal data) relating to the IP address of the machine sending the message and related data. We call this Meta Data. We share Metadata with the School upon request from them and where we deem that this data is proportionate as this is the basis of the Whisper Service agreement we have with them. This includes responding to requests from the Police in response to a threat, or threat to life.

Meeting our legal requirements

We may also use any information you provide to us for the establishment and defence of our legal rights, or where relevant applicable laws or for compliance with a legal obligation to which we are subject require this.

Who has access to your information

Our employees and contractors and Suppliers acting on our behalf may have access to your information where this is necessary for their role.  

Data sharing outside SWGFL

We share your information with third-party service providers that provide business services to us, including general administration services, security and performance monitoring, research, data hosting, auditing, and data processing.

We do not usually share your personal information with other third parties outside SWGFL to use for their own business purposes unless we have your consent to do this. But we may disclose your personal information with third parties where:

  • We are ordered to do so by a court
  • We are ordered to do so by an authority with the power to demand a disclosure, including social services and the police.
  • We think we need to make the disclosure to protect the vital interests of you or another person or to protect you or someone else from serious harm.
  • We are acting to protect and defend the rights, safety, and security of our organisation and its employees, customers and others.
  • We transfer your personal data when part of our business is sold or transferred to another organization.
  • We process it in an aggregated form for research purposes or to provide performance statistics to our partners.
  • We are required or authorised to do so by law.
  • We need to do so for other business purposes described in this policy or for any other purpose disclosed to you at the time we collected your personal information or asked for your consent to process your personal data.

Sharing data with the Safer Internet Centre

As explained earlier some of our links will allow you to visit the Safer Internet Centre who may receive your personal information when you visit their website. You can find out more about the Safer Internet Centre here. Homepage - UK Safer Internet Centre

Data transfers outside the UK

Unless we tell you otherwise, or you consent to a particular transfer, any transfers of your personal data from within the United Kingdom (UK) to third parties outside the UK will be based on an adequacy decision or are protected by the standard contractual clauses approved by the UK Information Commissioner. Any other non-UK related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards. Please contact us if you need any further information about this.

How Long We keep Your Information For

We only retain your data for as long as we have a business need to do.  Your contact details are held while you have asked us for information, or we are providing you with services and for a period of no longer than 7 years after we last did business with or had contact with you. We need to hold your information for this long to meet taxation obligations and to manage legal claims. We may also retain personal data for longer for research and statistical purposes where this allowed by the law.

Summary of our Legal Basis For processing your Information

A summary of the legal basis we rely on for using your personal information

Legitimate Interest

We often rely on Legitimate interest (where we process your personal information for our legitimate business purposes). These purposes are set out opposite. We always balance our legitimate interest in processing your information against any risks that this processing may pose to you.

  • to correspond and communicate with you
  • to inform our market strategy, conduct research, allow access to our services and to support your use of them,
  • verify the accuracy of the information we hold about you
  • create a better understanding of you as a user of our services
  • for network and information security
  • for the prevention of fraud and other crime
  • to respond to your complaints requests and queries,
  • to assess and improve our services and
  • for the establishment and defence of our legal rights.
  • managing the operation of our websites and in order to allow you to create an account, access and use the services we provide.
  • keeping our website and other IT systems secure so that we can prevent other people from accessing your personal information.
  • delivering appropriate and accurate content to you and your device from within the website(s).
  • notifying you of changes to our services, and to provide you with support in using our services.
  • providing support in using our services and website(s), we may keep records of such contact.
  • managing the operation of our websites and in order to allow you to create an account, access and use the services we provide.
  • or research purposes
  • for training and quality control purposes
  • for safeguarding purposes as explained above.

Consent

Processing your personal information on the basis of your Consent. We may sometimes ask for your consent to process your personal information we set out where we ask for consent opposite. Where we rely on your consent to process your personal information you can withdraw your consent at any time.

  • to share your information with others to help us remove images or stop the sharing of your intimate images.
  • to contact you by email or text with marketing information about our services, for example, we might do this if you register for an account with us online or sign up to newsletters and a marketing and communications emails. Sometimes we might ask you to consent again when we contact you to refresh your marketing preferences.
  • we may also ask for your consent to share your information with recommended third-party partners for them to contact you about their services.

Contract

Contract (we may process your personal information to fulfil a contract with you)

  • we use your information to comply with our contractual and related legal obligations, for example where this requires us to identify you when we contact you or to bill you for services, or facilitate your attendance at an event
  • we verify the accuracy of the data we hold about you,
  • we deliver the services you have asked us to under the contract, such as attendance at an event.

Your Rights

By law, you have a number of rights (subject to certain conditions) when it comes to your information. You can exercise any of these rights by contacting us at privacy@swgfl.org.uk

The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we provide you with the information in this Policy.

Right to object to processing

You have the right to object to certain types of processing, including opting out of direct marketing.

The right of access

You have the right to obtain access to your information and certain other information (similar to that provided in this Policy). This is so you’re aware and can check that we are using your information in accordance with data protection law.

The right to rectification

You are entitled to have your information corrected if it is inaccurate or incomplete.

The right to erasure

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure, there are exceptions.

The right to restrict processing

You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.

The right to data portability

You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.

The right to lodge a complaint

You have the right to lodge a complaint about the way we handle or process your information with the UK Information Commissioner www.ico.org.uk

The right to withdraw consent

If you have given your consent to anything we do with your information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your information for marketing purposes.

When you contact us to exercise your rights, we will normally respond within one month from when we receive your request.

Don’t want someone to see you have been using our Website? – Find out how to protect yourself here

Are you worried that someone might see that you have been on our site? Here is some information which may help protect yourself and cover your tracks.

How to Select 'Private browsing'

Most browsers have a 'private' or 'incognito' browsing option. Use this when visiting our site and you shouldn’t leave any traces of your activity on your computer or phone.

Delete your browser 'History'

When you're not in 'private' mode, your browser will record all the pages you visit. You can remove SWGFLs' pages from this record by deleting your ‘History’.

  • Chrome: Click on the 'History' option on the menu bar.
  • Safari: Click on the 'History' option on the menu bar.
  • Microsoft Edge: Press Ctrl + Shift + Delete at the same time, then tick/untick the options you’d like to clear and select “Clear now”.
  • Firefox: Press the Ctrl key and H at the same time.

Delete History entries or all History

Delete any entries you are worried about by choosing the delete history options.

Deleting Cookies

A cookie is a small file on your computer that records the sites you visit, advertisers mainly use cookies to track your interests and show you targeted content, but they can reveal where you have been online. You can delete all your cookies by doing the following:

  • Chrome: Click on 'Chrome' – 'Clear Browsing Data'
  • Safari: Clearing 'History' will clear cookies.
  • Microsoft Edge: Press Ctrl + Shift + Delete at the same time, then tick/untick the options you’d like to clear and select “Clear now”.
  • Firefox: Click on Tools – Options – Privacy – select the Clear button (next to Cache and Saved Form Information)

How to contact Us or our Data Protection Officer

Please contact us if you have any questions or concerns about the way we process your personal information. You can do this by emailing our Data Protection Officer or our Head of Privacy at: privacy@swgfl.org.uk. Or by writing to: South West Grid for Learning Trust, Belvedere House Pynes Hill Exeter EX2 5WS

Or by calling us on 0345 601 3203

Should we fail to resolve your concerns, you have the right to complain to the Information Commissioner’s Office at www.ico.org.uk

This version of the Privacy Notice was last updated in March 2023