The type of personal information we collect:
We currently collect and process the following information:
Personal identifiers, online name/monikers, online criminal activity, financial and contact details
How we get the personal information and why we have it
Most of the personal information we process is found within forums and other online places where fraudsters and other criminals communicate;
We also receive personal information directly, from the following sources in the following scenarios:
- Telecommunications companies (Victim call data communicating with fraudsters’ fake bank call centres etc);
- Banking members providing details of suspects’ accounts and online activity for the purpose of identifying and mitigating fraudulent activity;
- Law enforcement providing details of identified or unidentified fraudsters/cyber criminals in a bid to identify, locate and/or disrupt/arrest those individuals.
We use the information provided to us in order to identify, prevent or mitigate cyber offending or fraud. This includes protecting victims and mitigating the criminal use of their personal information and the identification & locating of offenders and identifying their criminal activity.
We may share this information with banking members/partners, telecommunication partners and law enforcement for such mitigation, protection of victims and disruption against such offenders.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: We have a vital and/or legitimate and interest.
How we store your personal information
Your information is securely stored.
We keep such online activity; banking activity; law enforcement research/support data and other investigation data for a maximum of 6 years however some data will be deleted once it has been analysed for the purpose of preventing or detecting crime. We will then dispose that information by formal permanent digital deletion.
Your data protection rights
Under data protection law, you have rights including:Your right of access - You have the right to ask us for copies of your personal information unless lawful reasons exist for such requests to be refused.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Our contact details:
Name: R. Mackie (DPO)
Address: Cyber Defence Alliance, 1 Churchill Place - Level 22, Canary Wharf, London, E14 5HP
E-mail: DPO@cyberdefencealliance.org
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at DPO@cyberdefencealliance.org
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113. ICO website: https://www.ico.org.uk