Scam Data Sharing and Scam Intelligence Privacy Notice

Introduction

This privacy notice is designed to help you understand how we use and protect the information obtained through our scam data sharing and scam intelligence activities. In summary, this involves processing data related to actual or suspected scams and / or the activities of actual or suspected scam perpetrators.

It applies to personal data provided to us, both by individuals themselves and by third parties.

Our contact details

Registered Address: 5 Fleet Place, London EC4M 7RD
E-mail: info@stopscamsuk.org.uk

The type of personal information we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. Through our data sharing and scam intelligence work, we may collect, use, store and transfer different kinds of personal data. This may include:

• Personal details, such as names and contact information (telephone numbers or email addresses).
• Bank account information.

Where we receive unsolicited personal data (i.e., information we have not asked for), this will be handled in the same way as any other personal information we process as set out in this Notice and in compliance with data protection legislation.

How we get personal information and why we have it

The information we process through our scam data sharing and scam intelligence work is gained through activities undertaken by Stop Scams UK employees, its members and third party contractors.

This information is processed and shared with our members and a limited number of third party contractors to detect and prevent fraud.

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is the following:

• We have a legitimate interest – processing of personal data may be necessary for the purposes of legitimate interests pursued by Stop Scams UK or a third party, except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms which require the protection of their personal data.

Principles

We will handle personal data in accordance with the data protection principles set out in
the GDPR:

• Lawfulness, fairness and transparency – we will handle personal data in a way that is lawful, fair and transparent in relation to the data subject;
• Purpose limitation – we will only collect and handle personal data for specified, lawful purposes, and data will not be further processed in a way that is incompatible with those purposes;
• Data minimisation – the data we hold is adequate, relevant and limited to what is necessary;
• Accuracy – data is accurate and kept up to date (where necessary);
• Storage limitation – data is only kept for as long as is necessary;
• Integrity and confidentiality (security) – the data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;
• Accountability – we can demonstrate compliance with these principles.

Processing purpose

We will only use personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing your information

We may be required to share personal data with the parties set out below, in line with the purposes outlined above.

There may be times when external organisations use your personal information as part of providing a service to us.

We may be required by law to disclose certain information to the police or another relevant authority in specific circumstances.

We may also receive requests from third parties with authority to obtain disclosure of personal data. We will only fulfil such requests where we are permitted to do so in accordance with the applicable law or regulation.

We require all third parties to ensure the security of personal data and to comply fully with the law.

International transfers

We may use third-party providers to deliver our services, such as externally hosted software services or cloud storage providers. Such providers may involve transfers of personal data outside of the UK. Whenever we do this, to ensure that personal data is treated by those third parties securely and in a way that is consistent with UK data protection law, we require such third parties to agree to put in place safeguards. This may include specific contracts approved for use in the UK which give personal data the same protection it has in the UK or other equivalent measures as required.

Please contact us if you require further information.

How we store your personal information

Data protection law requires us to securely store and process personal information to avoid unauthorised access or loss. We have in place appropriate physical and technical measures to ensure the security of all personal information and to prevent unauthorised access, misuse, disclosure or destruction.

We have processes in place to manage any suspected personal data breach. We will notify you and any relevant regular of a breach where this is legally required.

Data retention

In line with the above principles, we will only retain personal data for as long as necessary to fulfil the purposes we collected it for. This may include complying with any legal, accounting or reporting requirements.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@stopscamsuk.org.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at info@stopscamsuk.org.uk.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk