Privacy Policy

Last updated: March 2026

1. Data Controller

SafeCheck is operated by The Grooming Files. The data controller for the purposes of UK GDPR is The Grooming Files, based in Neath, Wales.

2. Data Protection Officer

The Data Protection Officer can be contacted at sophie.editorial@outlook.com.

3. Lawful Basis for Processing

SafeCheck processes special category data under Article 6(1)(a) (explicit consent) for routine participation data, and Article 6(1)(e) (task carried out in the public interest) for child protection processing. Article 9 conditions are met through Article 9(2)(g) (substantial public interest in safeguarding children) and Article 9(2)(a) (explicit consent).

4. Data We Collect

• Personal identity data: name, date of birth, contact address, email
• Self-reported behavioural disclosures during assessments and check-ins
• Structured check-in responses including urge scoring and trigger logs
• Third-party referral information where applicable
• Device or location data where enhanced monitoring applies (with separate consent)
• Audio or video recordings where applicable (with explicit consent)

5. How We Use Your Data

Your data is processed for: risk assessment and stage allocation; ongoing behavioural monitoring; escalation referrals to statutory authorities where child protection thresholds are met; programme evaluation (anonymised and aggregated).

6. Conditional Confidentiality

Confidentiality within SafeCheck is conditional. Any disclosure indicating risk to a child will be referred to statutory safeguarding authorities. This condition is absolute and cannot be waived.

7. Data Retention

• No escalation on record: 3 years from exit date
• Following escalation: duration of legal proceedings plus 7 years
• Child protection concern on record (no formal escalation): 7 years from exit
• Third-party referral (individual did not engage): 2 years from referral date

8. Your Rights

Under UK GDPR you have the right to: access your personal data; request correction of inaccurate data; request erasure (subject to child protection limitations); withdraw consent and exit the programme; object to processing based on public interest.

9. Data Security

All stored personal data is encrypted. Access is restricted through role-based controls. All access to participant records is audited. A data breach response procedure is in place aligned to UK GDPR Article 33.

10. Data Protection Impact Assessment

A Data Protection Impact Assessment (DPIA) has been completed for this platform and is available on request. Please contact the Data Protection Officer for a copy.

11. Contact

For data protection enquiries, contact the Data Protection Officer at sophie.editorial@outlook.com.