Privacy Notice
This notice explains how Cecure Intelligence Limited (“CIL”, “we”, “us”) processes personal data when you use the NCLOPS public marketing website—including programme pages, legal information, and the contact form. It does not replace privacy documentation for a deployed NCLOPS country or programme platform instance; those environments are operated under separate contracts, data controllers, and privacy notices published by the relevant government or organisation.
1. Who is responsible?
For this public website, the data controller is Cecure Intelligence Limited, a company registered in the United Kingdom. The primary channel for privacy questions and requests relating to this site is nclops@cil.support, which acts as the correspondence hub for NCLOPS public-site matters.
2. Scope of this notice
This notice covers:
- Browsing the NCLOPS public website (HTML pages, assets, and linked resources served from our infrastructure).
- Submitting the contact form and any optional CAPTCHA challenge presented with it.
- Standard web server and security telemetry needed to operate the service safely.
It does not govern authentication to, or use of, a separate NCLOPS platform web application (for example environments on nclops.net), which may be operated by CIL or by a customer under its own legal basis and notices.
3. What personal data we process
3.1 Contact form
If you contact us, we process the information you enter: typically name, email address, organisation (optional), message body, and a CAPTCHA verification token produced by the configured provider (for example Cloudflare Turnstile). We use this data solely to understand your enquiry, respond, and maintain a record of the communication where there is a legitimate interest or pre-contractual need.
3.2 Technical and security logs
Like most websites, our servers and edge network may automatically record technical data such as IP address, approximate location derived from IP, user agent, requested URL, HTTP status, referrer, and timestamps. We use this information for security monitoring, abuse prevention, capacity planning, and troubleshooting.
3.3 Cookies and similar technologies
We use cookies and similar storage for essential operation, CAPTCHA, and—as described below—aggregate web analytics. Details are set out in our Cookie Notice.
3.4 Web analytics (Google Analytics 4)
We use Google Analytics 4 on this public website to understand aggregate traffic (for example page views, approximate geography, devices, and referrals). The configured measurement identifier is referenced in our Cookie Notice. Google acts as a processor under our instructions for this purpose. You can read how Google uses information from sites that use its services in Google's Privacy & Terms. We do not use this public-site tag on authenticated NCLOPS platform applications hosted elsewhere.
4. Lawful bases (UK GDPR / GDPR)
Depending on the processing activity, we rely on one or more of the following lawful bases:
- Legitimate interests (Article 6(1)(f)): operating, securing, and improving the public website; aggregate measurement of site effectiveness (including through Google Analytics); responding to unsolicited enquiries that are relevant to our business; fraud and abuse prevention.
- Contract / steps prior to contract (Article 6(1)(b)): where your message relates to procurement, pilot participation, or another arrangement we are discussing with you.
- Legal obligation (Article 6(1)(c)): where we must retain or disclose information to comply with law or regulatory requests.
We do not use this public website to profile individuals for automated decisions with legal or similarly significant effects.
5. Recipients and processors
We use reputable infrastructure and service providers (for example cloud hosting, content delivery, email delivery, CAPTCHA, and Google Analytics for aggregate measurement of this marketing site) who process data on our instructions or under their terms as applicable. They are subject to contractual confidentiality and security obligations where we act as controller. CAPTCHA providers may process technical and interaction data under their own policies for fraud prevention.
6. International transfers
Your data may be processed in the United Kingdom and, where we use global cloud or CAPTCHA services, in other countries. Where personal data is transferred outside the UK and EEA, we implement appropriate safeguards such as the UK International Data Transfer Agreement / Addendum, EU Standard Contractual Clauses, or adequacy decisions, as applicable.
7. Retention
We retain contact form content and related correspondence for as long as needed to fulfil your request and for a reasonable period afterwards for follow-up, dispute resolution, and legal defence—typically up to twenty-four (24) months unless a longer period is required by law or active litigation. Security logs are retained on a rolling basis according to operational policy (often a shorter period, subject to incident investigation needs).
8. Your rights
Subject to applicable law, you may have the right to:
- Request access to your personal data;
- Request rectification of inaccurate data;
- Request erasure in certain circumstances;
- Request restriction of processing;
- Object to processing based on legitimate interests;
- Request data portability where processing is based on consent or contract and is automated;
- Withdraw consent at any time, where we rely on consent (rare for this site).
To exercise rights, email nclops@cil.support with sufficient detail for us to verify your identity. You may also lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
9. Security
We implement appropriate technical and organisational measures, including transport encryption (HTTPS), security headers, access controls on administrative systems, and supplier due diligence. No online transmission is completely secure; please do not send highly sensitive clinical identifiers through the public contact form.
10. Children
This website is intended for professional and governmental audiences. It is not directed at children. If you believe a child has provided personal data through the contact form, contact us and we will take steps to delete it where appropriate.
11. Changes to this notice
We may update this page to reflect legal, technical, or business changes. Material changes will be indicated by updating the “Last updated” date at the top. Continued use of the site after changes constitutes notice of the update; where required by law, we will obtain additional consent.
12. Contact
For all privacy matters relating to this public website, contact nclops@cil.support.