Privacy statement

This Privacy Statement explains the who, what, when, where and why in respect of the personal data we process.

Quick Navigation:

Please take a moment to familiarise yourself with this Privacy Statement.

1. Our approach to personal data processing is a registered business name of the Internet Service Providers Association of Ireland CLG (registered company no. 285632), non-for-profit organisation. works to eliminate online child sexual abuse imagery, disrupt the cycle of online child sexual exploitation and prevent repeat-victimisation of child victims and survivors. procedures and operations are approved and overseen by the Department of Justice and Equality and An Garda Síochána. would not be able to fulfil its mission without the public's vigilance and readiness to report suspect images/videos of children or other forms of suspected illegal content online within the remit.

We highly value the support received from the public; our members, partners and stakeholders and we take your personal data privacy very seriously. We are fully committed to compliance with applicable data protection laws and we keep up-to-date with legislation changes.

Why does collect and store data

We collect, process and store personal information in order to carry out our core business and ancillary activities.

To the extent that it is personal data, in most cases we collect information that is given to us by you, either through the submission of a non-anonymous report (through the use of web-reporting forms, email, TAM or post); membership application; recruitment e.g. if you choose to apply for a role with; information with a view to forming a business relationship. Any information that you provide to us is used by solely for the purpose for which it was provided. We collect personal details in respect of:

  1. prospective, current and past directors, board members, employees, consultants
  2. current, prospective and past members of, including registration information
  3. supplier contacts to support our services
  4. personal details included with the submission of a non-anonymous report to

NOTE: For the avoidance of doubt, victim identification is not within our remit, it is a matter for law enforcement alone.

We use information held about you in the following ways:

  1. to carry out our obligations arising from contracts we enter, have entered or intend to enter into;
  2. to demonstrate regulatory compliance with appropriate bodies
  3. where necessary in the field of employment law
  4. to provide you with a response to your query or follow-up on your non-anonymous report (if required by you)
  5. to provide you with information and services that you request from us or we think will be of interest to you as deemed relevant to your business;
  6. to ensure Members' compliance with Code of Practice
  7. where we need to bring or defend legal claims

The lawful bases under GDPR:

  1. Legitimate business interests
  2. Consent – you've explicitly consented to your personal data being processed for a specific purpose.
  3. Performance of a contract – a contract is in place with an individual/organisation and certain legal terms and conditions apply.
  4. To comply with a legal obligation – we may be subject to a legal obligation to process certain personal information.
  5. To protect vital interests – if there is an immediate risk to someone's health and safety, we may need to process their personal data.
  6. Performance of a task carried out in the public interest – much of our core work is carried out for this reason as it is in the public interest to eliminate child sexual abuse material from the Internet.

In processing reports submitted to for the fulfilment of our remit and to the extent that this is personal data, we are doing so for reasons of substantial public interest and for preventing the availability and spread of child sexual abuse images/videos which are documented evidence of a crime being committed, a child being sexually exploited and often actually raped. The service is provided under special agreement with Government and law enforcement.

Please note that GDPR requires us to minimise the data we keep unless it's required for the provision of a service or for existing legal requirements (such as Revenue), therefore we use all reasonable efforts to keep your data only for as long as it's needed for the original purpose we collected it.

We will keep your personal data secure and confidential and will only use it for the purposes intended. At no time will we sell your personal data.

Once we receive your personal data, we will employ appropriate physical and technical measures to secure your data, including staff training and awareness. To this end, has put technological (e.g. SSL technology and encryption whenever possible to reduce the impact of any potential incidents) and organisational controls, including policies and procedures, in place to protect your personal data from loss, misuse, alteration or unintentional destruction. We also use all reasonable efforts to ensure that when we outsource any processes, the service provider has appropriate security measures in place. All our processes and measures are reviewed regularly and changed/updated as required.

Please note that no communications over the Internet can be guaranteed as entirely secure. We cannot guarantee the security of the information that you disclose using your Internet connection. You accept the inherent security implications of using the Internet. We will not accept liability for any direct, consequential, incidental, indirect or punitive losses or damages arising from your use of online communications. Also, once data reaches your network it is your responsibility to ensure it remains secure.

A cookie is a small text file that is sent to your computer's hard drive when you visit a website. A cookie typically contains the name of the website from which it has come, the lifespan of the cookie and a value. The value is usually a unique code that will only make sense to the website that has issued it. Cookies can also be used to measure how people use websites and what kind of browsers or devices they're using. does not use Cookies to keep any information relating to website usage by users and we do not make any attempt to try to identify users or their browsing activities.

Links to other websites

We do our utmost to protect user privacy through the appropriate use of security technology: we ensure that we have appropriate physical and technological security measures to protect your information; and we ensure that when we outsource any processes, the service provider has appropriate security measures.

Please note that our website contains links to other websites owned and operated by third parties. These third-party websites have their own Privacy Policy. We bear no responsibility or liability for the privacy practices of such third party websites and we urge you to review the Privacy Policy or Notice of any website you may access through our website.

3. Reporting suspected illegal content online to (making a report)

The website is HTTPS (Hyper Text Transfer Protocol Secure), which means the information is encrypted all the way from the reporter's device to the Hotline web-server so that no one "in between" can read it.

Reports can be made to either anonymously (your name or contact information is not required in order to submit a report) OR by manually opting-in to make a non-anonymous report submission (include contact details).

If you make an anonymous report submission to – through our online reporting form(s)

If you opt to make an anonymous report submission, you can do so without providing any personally identifiable information and please know that we do not attempt to collect such information via cookies/scripts, nor track the IP address and location of the device used to submit a report.

If you opt to make a NON-anonymous report submission to – through our online reporting form(s)

In the event that you wish to receive a report acknowledgement or to be contacted about your query, you will have to opt for a non-anonymous report submission. Subsequently we will require at least your name and email address. Personally identifiable information submitted to when making a non-anonymous report will be stored in our secure database. Please note that by providing your contact details to us, you consent to us storing them for the above mentioned purpose.

We do not pass on personal details to law enforcement without a court order or your express written permission. Please note that in very rare circumstances it may be necessary or advisable for us to disclose your details, if we are legally obliged to; or to protect the rights, property or safety of, our members or others. In such cases we regard the disclosure to be either in the public interest, or as a legitimate interest for the purpose of preventing the spread of child sexual abuse material.

Important to note: Once your NON-anonymous report has been investigated and closed, your contact data is automatically deleted within 90 days. Please be aware that if you make more than one NON-anonymous report with the same details, each instance of reporting starts that three month retention period again. Therefore, if you do not wish for your details to be retained for that period following each report you may prefer to go back a step and report anonymously.

If you make a report submission to via email

It is more efficient for to process reports made using our web-reporting form(s). We prefer to receive reports via the web-reporting forms, as these are designed to request relevant technical details based on e.g. where the content was encountered, suspicion, URL (link) how to access the content being reported etc., key in the assessment process. Moreover, the web-reporting forms have integrated help boxes that will guide you through the steps or provide further details.

Please only use the email address provided on the website (Contact Us page) if for some reason you believe our web-reporting forms are unsuitable.

Please note that when you email your email service automatically includes your email address with the message. If you do indeed wish to proceed with the submission of a report via email, you are consenting to us storing personally identifiable information that is being provided. This information will be held in our secure database while the reported material is being investigated. Once the report has been investigated and closed, the contact data is automatically deleted within 90 days. We do not pass on personal details to law enforcement without a court order or your express written permission. If you do not wish for your details to be retained for that period you may prefer to instead submit a report anonymously through our web-reporting forms.

4. Members and our Partnerships Members

If your organisation chooses to join our Membership, our team will be in touch to explain the details they’ll need from you that will be used to communicate with you in the delivery of our services. Key to this, for example, will be the information that you submit when you complete the Membership Application form and return it to or via post to our office address, which would include, inter alia, contact details (names, phone numbers and work email addresses) of your designated team members so that we can successfully work together.

In processing this information with a view to forming a business relationship we’re initially processing the data with a legitimate business interest. In working with any third parties we ensure robust due diligence is carried out, and formal arrangement are in place to ensure the security and confidentiality of any personal data that may be processed in working with them.


Transnational crime such as online child sexual abuse and child sexual exploitation requires coordinated national and international multi-stakeholder approach. We work in partnership with a number of highly regarded and varied organisations across the world for the purpose of combatting online child sexual abuse. For example we work with: Government, An Garda Síochána and international law enforcement agencies such as INTERPOL, Internet Industry [online service providers], other NGOs, INHOPE – the International Association of Internet Hotlines and INHOPE member hotlines engaged in combatting online child sexual abuse material.

These partnerships come in many forms and are managed through a mix of formal agreements, legal contracts, initiatives and collaborations. Be assured that where personal data (including that of our staff or any contractor(s) working on our behalf) is processed in order to carry out any such partnership, it is done securely and within the confines of the law.

At national level – for example – is part of the Irish Safer Internet Centre

The Irish Safer Internet Centre is a consortium of Industry, education, child welfare and Government partners, providing a range of functions and activities to make the Internet a safer and more positive environment for children and young people. Webwise, PDST Technology in Education provides the Irish Internet Safety Awareness Hub; provides the primary national channel where the public can securely, anonymously and confidentially report suspected illegal content online, especially child sexual abuse and activities relating to the sexual exploitation of children in a way; ISPCC – Childline – provides 24 hours confidential Helpline service for all children up to 18 years; while NPC provides Helpline service to parents and guardians. The Department of Justice and Equality, is the Project Coordinator. Since 2008 the partnership has been appointed by the European Commission as the Safer Internet Centre for Ireland and is one of 30 Safer Internet Centres in Europe.

Further information about our Irish Safer Internet partners and their Privacy Policy can be found on their websites.

At international level – for example – we are one of the founding members of INHOPE, the International Association of Internet Hotlines

INHOPE is a membership organisation uniting 47 Internet hotlines from across the globe (incl. INHOPE’s mission is to support and enhance the work of hotlines by managing a secure international report management system (ICCAM) which enables efficient and secure processing of illegal content between hotlines in different jurisdictions. The ICCAM platform is managed by INHOPE in collaboration with INTERPOL and developed with funding from the European Union. Additionally, INHOPE establishes policies and best practice standards for hotline operations (e.g. technical safeguards) and ensures they are uniformly applied by existing and new member hotlines. INHOPE is also responsible for expanding the network of trust by supporting the establishment of new hotlines particularly in countries where there would appear to be a need for hotline service.

Further information about INHOPE and their Privacy Policy can be found on their website.

5. Recruitment and employees

If you choose to apply for a role with you may be asked to complete a standardised application form in addition to your CV. Within the application form you will be asked for your name and contact details. We will also ask for your prior employment experience, education, referees and we’ll ask that you answer specific questions regarding the role you’re applying for. All the information you provide during the recruitment process will only be used for the purpose of progressing your application or to fulfil legal or regulatory requirements if necessary.

The information will be accessible to our recruitment team and will not be made available to anyone outside of our recruitment team. Our recruitment team will be in touch with shortlisted applicants to make arrangements for any interviews and to discuss the format that these may take. We do not collect more information than we need to fulfil our stated purpose and will not retain it for longer than necessary. Successful candidates will be requested to provide the necessary information for payroll processing and payment purpose along with emergency contact details, so we know who to contact in case you have an emergency at work.

We retain data with respect to our current employees to allow us to fulfil our requirements of their employment contract and relevant legal obligations.

We retain data with respect to former employees for a period of six years following the end of their contract in case of reference requests. This information will subsequently be appropriately and securely disposed of, unless otherwise required for example details retained for pension purpose.

Personal information from unsuccessful candidates will be retained for a maximum of six months following closure of the job posting in case of queries after which time it will be appropriately and securely disposed of.

6. Communications

Aside from the website, our primary channel of communication with the general public, interested parties and stakeholders is our social media feed via Twitter (@Hotline_ie), where we post articles, news, snippets of information that we feel could be of interest.

It is the responsibility of users of sites such as Twitter to maintain their own personal privacy settings. As the controller of our social media account(s) we reserve the right to have abusive or offensive content by users blocked or removed and will report any such behaviour to the social network at hand.

Where links to third party websites are provided we cannot be held responsible for the privacy of data collected by those sites. You should always consult each website’s respective Privacy Notice or Policy if you have any concerns or would like further information.

7. Your rights

Subject to Section 60 of the Data Protection Act, 2018 and any associated Regulations, the GDPR specifies the following rights for data subjects:

  • right to be informed
  • right of access to your personal information
  • right of rectification to your personal information
  • right of erasure to your personal information
  • right to restrict data processing
  • right to data portability
  • right to object to processing of your personal information
  • right in relation to automated decision making and profiling [we do not undertake automated decision making or profiling]

If you make a request relating to any of the rights listed above, we will consider each request in accordance with all applicable data protection laws and regulations and respond in the first instance within one month of receipt.

No administration fee will be charged for considering and / or complying with such a request unless the request is deemed to be excessive in nature. If a complex request is received, we may need to extend the period to a further two months in order to respond appropriately. We will inform you of the reasoning behind any extension.

Upon successful verification of your identity you are entitled to obtain the following information about your own personal information:

  • the purposes of the collection, processing, use and storage of your personal data
  • the source(s) of the personal information, if it was not obtained from you
  • the categories of personal data stored about you
  • the recipients or categories of recipients to whom your personal data has been or may be transmitted, along with the location of those recipients
  • the envisaged period of storage for your personal data or the rationale for determining the storage period.

Should you wish to exercise any of your rights please contact us at or by writing to:
25 Sandyford Office Park
Blackthorn Avenue
D18 W8KK

Please be aware that during the Covid-19 pandemic there is a reduced workforce in our office therefore online contact is recommended to ensure a swift response to your query.

You have the right to lodge a complaint directly with the Data Protection Commission if you believe your data has not been processed in the stated way or in accordance with GDPR. You can contact the Data Protection Commission +353 (0)761 104 800 or +353 (0)57 868 4800. For more details on how to contact the Data Protection Commission please visit their website.

8. Personal data breaches

The GDPR defines a personal data breach as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed".

We take any suspicion of a personal data breach seriously and will fully investigate. In accordance with GDPR, the Data Protection Commission will be notified without undue delay if we believe a breach has occurred, and depending on the circumstance, also contact those who may be impacted. Where we feel it necessary in the event of a breach, we may employ an independent consultant or advisor to investigate the matter on our behalf.

9. Changes to this Privacy Statement

We reserve the right to make changes to this Privacy Statement. Each time you visit our website we would encourage you to check that no changes have been made to any sections that are important to you. This Privacy Statement was last updated in December 2020.