Tap a region to visit the official Facebook page.
Effective date: 11 November 2025
This Privacy Policy, Transparency Notice and Data Protection Statement (“Policy”) explains in extensive detail how Red Rose UK processes personal data in compliance with the United Kingdom General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
This Policy is intended to meet the transparency requirements set out in Articles 12, 13 and 14 UK GDPR and to provide clear, accessible, and comprehensive information to data subjects, users, regulators, and other interested parties regarding the nature, scope, purposes, lawful basis, and safeguards associated with Red Rose UK’s processing activities.
Red Rose UK recognises that its activities involve the processing of sensitive and high-impact personal data. Accordingly, this Policy has been drafted to reflect the seriousness of those activities and the corresponding obligations under data protection law.
For the purposes of the UK GDPR and the Data Protection Act 2018, the data controller is:
The Data Protection Officer is responsible for oversight of data protection compliance, internal governance, and engagement with supervisory authorities. All data protection enquiries, including the exercise of individual rights, should be directed to the contact email above.
Red Rose UK is established in the United Kingdom and carries out its core processing activities within the UK. As such, UK data protection law applies to all processing activities described in this Policy.
The website is publicly accessible and may be viewed by users located outside the United Kingdom. Such access is incidental and does not indicate that Red Rose UK targets individuals outside the UK or intends to process personal data relating to non-UK individuals.
Where third-party service providers process data outside the UK, appropriate safeguards are relied upon in accordance with Chapter V UK GDPR.
Red Rose UK operates a public-interest safeguarding, awareness, and risk-identification platform. The platform aggregates, analyses, contextualises, and presents information derived from publicly available and verifiable sources relating to serious criminal behaviour.
The platform’s activities are rooted in safeguarding, harm prevention, and public awareness. Its primary focus is on offences that present a significant risk to vulnerable individuals or the wider public, including but not limited to sexual offences, child cruelty, domestic abuse, and animal abuse.
Red Rose UK is not a law enforcement agency, does not exercise statutory powers, and does not make determinations of guilt or innocence beyond accurately reflecting information contained within verified source material.
Inclusion of an individual on the platform does not constitute a legal judgment or sanction. It reflects the existence of information within the public domain that is assessed as relevant to safeguarding and public awareness.
Where necessary, proportionate, and supported by reliable sources, Red Rose UK may process and publish the following categories of personal data:
Red Rose UK does not routinely publish full residential addresses as part of its verified content and does not seek to identify precise current locations of individuals.
The platform enables registered users to submit additional information relating to individuals listed on the site. This may include, but is not limited to:
Such information constitutes user-generated content. Due to the volume, nature, and decentralised submission process, this information is not always capable of immediate or comprehensive verification.
Red Rose UK acts as a hosting intermediary in respect of user-generated content. It does not originate such content and does not assert its accuracy unless and until it has been independently verified against reliable public sources.
User-generated content may be inaccurate, outdated, incomplete, or disputed. Red Rose UK does not accept responsibility for the accuracy or legality of unverified user submissions and cannot reasonably moderate all such content in real time.
Where user-generated content is identified as inaccurate, unlawful, excessive, or disproportionate, Red Rose UK may review, restrict, correct, or remove such content following assessment.
Red Rose UK processes personal data relating to criminal allegations, investigations, charges, court proceedings, and convictions. Such data constitutes criminal offence data within the meaning of Article 10 of the United Kingdom General Data Protection Regulation (“UK GDPR”) and is subject to enhanced legal protections and safeguards.
The processing of criminal offence data by Red Rose UK is undertaken strictly for safeguarding, harm-prevention, public awareness, and public interest purposes. Processing is not carried out for commercial profiling, marketing, or punitive objectives, and is limited to what is necessary and proportionate to achieve legitimate safeguarding aims.
Red Rose UK restricts the scope of criminal offence data processed to defined categories of serious offending where there is a demonstrable public interest in transparency and risk awareness. This includes, but is not limited to, offences involving sexual harm, child cruelty, serious violence, domestic abuse, and animal abuse, where publication and retention are assessed as necessary to protect the public and vulnerable groups.
Criminal offence data processed by Red Rose UK is derived from publicly available, verifiable, and reputable sources. These sources are selected to ensure accuracy, accountability, and traceability, and typically include:
Red Rose UK does not rely on rumour, speculation, or unsubstantiated allegations when creating or maintaining criminal offence records. Where data originates from third-party or user submissions, it is treated as unverified unless and until corroborated by an authoritative source.
Criminal offence data is processed in conjunction with an appropriate lawful basis under Article 6 UK GDPR, typically Article 6(1)(f) (legitimate interests), and is subject to additional safeguards as required by Article 10 UK GDPR and the Data Protection Act 2018.
Red Rose UK implements a range of technical and organisational measures to protect criminal offence data, including:
Red Rose UK takes reasonable steps to ensure that criminal offence data is accurate, up to date, and presented in an appropriate context. Where new information becomes available—such as appeal outcomes, acquittals, or amended sentences—records are reviewed and updated accordingly.
Criminal offence data is not retained indiscriminately. Ongoing retention is periodically reviewed against safeguarding necessity, public interest considerations, and proportionality. Where full erasure is not justified, Red Rose UK may apply alternative mitigations such as restriction, contextual clarification, or removal of high-risk supplementary fields.
Data subjects retain the right to challenge the accuracy or lawfulness of criminal offence data processed about them, subject to the limitations and exemptions set out in the UK GDPR and explained in Red Rose UK’s Data Subject Rights and Erasure Handling Policy.
Red Rose UK recognises that certain processing activities on the platform may involve “special category data” within the meaning of Article 9 UK GDPR. Special category data includes, among other things, biometric data processed for the purpose of uniquely identifying a natural person. Special category data attracts enhanced legal protections, and Red Rose UK applies heightened safeguards, governance controls, and risk assessments to ensure compliance, necessity, and proportionality.
Red Rose UK does not seek to process special category data as a routine feature of the platform. Where special category processing occurs, it is limited, risk-assessed, and undertaken only where necessary for safeguarding, harm prevention, and public protection objectives, and where an appropriate Article 9 condition is satisfied.
Red Rose UK operates an AI-assisted facial comparison feature which allows a user to upload an image for the purpose of comparing that image against images already associated with individuals listed on the platform. This type of processing involves biometric data and, where it is processed to uniquely identify a natural person, constitutes special category data under Article 9 UK GDPR.
The feature is designed and implemented with “privacy by design and by default” principles. In particular, it is structured to minimise biometric risk by reducing retention, limiting scope, and avoiding the creation of persistent biometric identifiers from user uploads.
The facial comparison feature operates subject to the following core constraints:
Biometric processing is carried out solely for safeguarding and harm prevention purposes, including enabling members of the public to identify whether an image may correspond to an individual already listed in relation to serious safeguarding-relevant offending. It is not carried out for advertising, commercial profiling, or general identity verification.
Where biometric processing constitutes special category processing, Red Rose UK relies on an appropriate Article 9 condition, typically Article 9(2)(g) (processing necessary for reasons of substantial public interest), read with relevant provisions of the Data Protection Act 2018. This is supported by an Article 6 lawful basis (typically Article 6(1)(f) legitimate interests) and reinforced by a documented risk assessment and governance framework.
In addition to general platform security controls, Red Rose UK applies additional safeguards where biometric or special category processing is in scope, including:
Where a data subject believes special category or biometric data relating to them is being processed in a manner that is inaccurate, disproportionate, or unlawful, they may raise a rights request in accordance with Section 12 and Red Rose UK’s separate Data Subject Rights, Requests and Erasure Handling Policy.
Red Rose UK processes personal data sourced from a combination of (a) verified public sources and (b) user-generated submissions. The platform is designed to distinguish between “verified platform data” and “unverified user-generated content” because the reliability, risk profile, and appropriate mitigations differ materially between those categories.
Where Red Rose UK publishes or otherwise relies on data as verified platform data, it is typically sourced from publicly available and verifiable materials, including:
Red Rose UK does not rely on rumour or speculation as a basis for verified publication. Where information is derived from public reporting, it is assessed for reliability, specificity, and corroboration.
Registered users may submit additional information to the platform. User submissions may be supported by documentary evidence. User submissions are not automatically treated as verified platform data, and Red Rose UK may apply restrictions, moderation, or removal where submissions are disputed, excessive, or create a credible risk of harm.
Where personal data is obtained indirectly (for example, from public listings or published outcomes), Red Rose UK relies on transparency via this Policy and associated published notices. Individual notification under Article 14 may not be provided where it would involve disproportionate effort, would undermine safeguarding objectives, or is otherwise subject to a lawful limitation.
Red Rose UK processes personal data for specific, defined, and legitimate purposes connected to safeguarding and public protection. Processing is not unlimited in scope and is structured around necessity, proportionality, and risk management.
The primary purpose of processing is to promote safeguarding and harm prevention by enabling risk awareness, pattern identification, and public understanding of serious offending behaviours relevant to vulnerable individuals and communities.
Red Rose UK seeks to increase public awareness of serious safeguarding risks, including common modus operandi, risk indicators, and public safety considerations. This is undertaken to support informed decision-making and responsible reporting to appropriate authorities.
Where relevant, processing may assist victims and survivors by improving awareness of offending patterns, supporting community safeguarding initiatives, and enabling individuals to identify information that may be relevant to reporting or protective action.
Red Rose UK may process and present information in ways intended to help members of the public identify potentially relevant information for lawful reporting to law enforcement or other competent safeguarding bodies. Red Rose UK does not replace statutory safeguarding agencies and does not provide legal advice to the public as part of this Policy.
Red Rose UK may conduct internal research and statistical analysis of offending patterns, including trend analysis, geographic aggregation, and risk categorisation. Where such analysis is undertaken, it is performed with appropriate controls and is not used to make solely automated decisions producing legal or similarly significant effects about individuals.
Red Rose UK processes personal data under one or more lawful bases under Article 6 UK GDPR, depending on the specific processing activity. The primary lawful basis relied upon for the platform’s core safeguarding processing is Article 6(1)(f) UK GDPR (legitimate interests).
The legitimate interests pursued include safeguarding, harm prevention, public awareness, public protection, and enabling informed decision-making by the public and relevant stakeholders. These interests are balanced against the rights and freedoms of data subjects, taking into account:
Where special category processing is engaged (including biometric processing for identification), Red Rose UK relies on an appropriate Article 9 condition, typically substantial public interest under Article 9(2)(g), together with appropriate safeguards and governance.
Criminal offence data is processed with additional safeguards and controls, as described in Section 5 and throughout this Policy, consistent with Article 10 UK GDPR and the Data Protection Act 2018.
Red Rose UK recognises that inaccurate safeguarding information can create serious harm. Red Rose UK therefore takes reasonable and proportionate steps to ensure that verified platform data is accurate, appropriately sourced, and presented in a fair and contextualised manner.
Verification is conducted by reference to primary or authoritative sources where available. Where secondary sources are used (for example reputable media reporting), they are assessed for reliability, specificity, and corroboration, and are treated as supporting material rather than definitive proof unless supported by additional corroboration.
User-generated content is not assumed to be accurate and is treated as unverified unless corroborated. Red Rose UK cannot guarantee the accuracy of unverified user submissions and cannot reasonably moderate all user submissions in real time. Where credible disputes arise, Red Rose UK may restrict, remove, or annotate disputed unverified elements.
Red Rose UK maintains records of material moderation actions and changes to verified platform data, including audit logs. These records support accountability under Article 5(2) UK GDPR and may be used to evidence compliance, respond to disputes, and engage with the ICO where required.
Red Rose UK applies a safeguarding-based retention approach rather than fixed retention periods. Data is retained where retention remains necessary for the platform’s legitimate safeguarding purposes, subject to periodic review, proportionality assessment, and risk mitigation. Retention is not indiscriminate: the continued necessity of retaining data is considered by reference to seriousness, relevance, and ongoing safeguarding purpose.
Retention decisions are informed by:
Conviction data may be retained for extended periods and, in appropriate cases, indefinitely where continued processing is assessed as necessary for safeguarding and substantial public interest purposes. Red Rose UK does not automatically remove data solely because a conviction has become “spent” under the Rehabilitation of Offenders Act 1974. The fact of a conviction becoming spent may be considered as a factor within a proportionality assessment, but it is not determinative.
User-generated content is retained subject to platform necessity, risk management, and moderation outcomes. Where user-generated content is high-risk (for example full addresses or telephone numbers), Red Rose UK may apply earlier restriction or removal if the content is disputed, appears excessive, or creates a credible risk of harm.
Where Red Rose UK reasonably anticipates legal proceedings, regulatory inquiry, complaint handling, or dispute escalation, it may preserve relevant data notwithstanding a request for erasure or restriction. This is necessary for the establishment, exercise, or defence of legal claims and for accountability obligations.
Individuals have rights under the UK GDPR, including the rights of access, rectification, restriction, objection, and (in certain circumstances) erasure. Red Rose UK handles rights requests in accordance with statutory requirements, relevant exemptions, and a documented internal procedure designed to ensure consistency and auditability.
Requests must be submitted by email to [email protected]. Red Rose UK uses email correspondence to ensure written records, identity assurance, and secure handling. Requests may be made without referencing the UK GDPR; a request is valid if it can reasonably be interpreted as exercising a right.
To prevent unauthorised disclosure or malicious interference, Red Rose UK requires identity verification before providing personal data or taking substantive action. Verification typically requires photographic identification and proof of address. Where requests are submitted by representatives, written authority may also be required.
In responding to DSARs, Red Rose UK provides personal data relating to the requester, subject to lawful limitations, including where disclosure would adversely affect the rights and freedoms of others. Redactions may be applied where necessary to protect victims, reporters, vulnerable persons, or the integrity of safeguarding systems.
Erasure requests are assessed on a case-by-case basis. Accurate criminal offence data and safeguarding-relevant information is not routinely erased where continued processing is lawful, necessary, and proportionate. Where full erasure is not justified, Red Rose UK may apply mitigations such as restriction, contextual updates, and removal of disputed unverified data fields.
Further detail is provided in Red Rose UK’s Data Subject Rights, Requests, Objections and Erasure Handling Policy.
Red Rose UK does not sell personal data. Disclosure of personal data is limited to circumstances where it is necessary, proportionate, and lawful. In the ordinary course, Red Rose UK’s publication model is based on making information accessible through the platform, rather than distributing personal data to third parties.
Red Rose UK may disclose personal data to law enforcement agencies or other competent safeguarding bodies where:
Where practicable and appropriate, Red Rose UK will seek to verify the authenticity and scope of authority requests. Disclosure decisions are documented for accountability purposes.
Red Rose UK uses third-party service providers for hosting, security, analytics, and operational functionality. Where such providers act as processors, they are required to process data only on Red Rose UK’s instructions and under appropriate contractual safeguards.
Because the platform is publicly accessible, personal data published on the site may be accessed, copied, shared, or republished by third parties not controlled by Red Rose UK. Red Rose UK cannot control third-party republication. This risk is considered within proportionality assessment and mitigation measures.
Some third-party service providers used by Red Rose UK may process personal data outside the United Kingdom. International transfers are managed in accordance with Chapter V UK GDPR and applicable UK adequacy regulations.
Where data is transferred outside the UK to a jurisdiction without an adequacy decision, Red Rose UK relies on appropriate safeguards, which may include standard contractual clauses or equivalent mechanisms, together with risk-based supplementary measures where required.
Examples of providers that may be involved in processing include infrastructure/security and analytics providers (for example Cloudflare, Google Analytics, and hosting providers). The providers used may change over time as operational needs evolve. Red Rose UK seeks to ensure that any such providers implement appropriate security measures and contractual protections.
Red Rose UK applies technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. Given the nature of the platform and the potential risks to data subjects, security is treated as a core operational priority.
No security measure can guarantee absolute security. However, Red Rose UK continuously improves security controls and responds to emerging risks.
Red Rose UK’s platform is intended for safeguarding and public awareness. It may be accessed by individuals under 18 for informational purposes; however, Red Rose UK does not knowingly seek to collect personal data directly from children and does not provide accounts or features designed to solicit personal data from minors.
Where Red Rose UK becomes aware that it has collected personal data directly from a child in a manner inconsistent with this Policy, it will take proportionate steps to delete or restrict that data, subject to safeguarding and legal requirements.
In addition, Red Rose UK recognises that certain data subjects may be vulnerable individuals. Red Rose UK considers vulnerability within proportionality assessments, particularly where user-generated content includes high-risk fields such as full addresses or contact numbers.
This Policy may be updated periodically to reflect changes in law, case law, ICO guidance, platform functionality, service providers, or operational practices. Where updates are made, the revised version will be published on the website and will take effect from the updated effective date.
Material changes to this Policy may be accompanied by updates to related internal documents, including (where applicable) Legitimate Interests Assessments, Data Protection Impact Assessments, security documentation, and rights-handling procedures. Red Rose UK maintains records of significant governance decisions to support accountability under Article 5(2) UK GDPR.
Where practicable, Red Rose UK may provide notice of significant changes via the platform. Continued use of the website after publication of an updated Policy indicates that the user has had an opportunity to review the updated notice.