Tips on how to stay safe online during the COVID-19 pandemic


The Safety by Design assessment tools respect the participant’s privacy.

A privacy impact assessment was completed as part of the development process.

This page outlines what non-identifiable data is collected and how it is used by the assessment tools.

Data collection and use


Cookies are essential to how the assessment tools operate, allowing participants to navigate through the questions in an individual module, without needing to continually re-login. The assessment tools will not work if the user’s browser is configured to block cookies. 

For more information, please see the cookies policy.

Personal information

The assessment tools are not able to identify participants or be used for enforcement purposes.

No personal information on the individual participant or their organisation is collected by the assessment tools. The multiple-choice answers are general in nature and do not identify the organisation they are based on. 

IP addresses

The participant’s IP address is used to determine the country where they are completing the assessment, but the IP address itself is not captured or stored in the assessment tool.

Non-identifiable data collection

The multiple-choice answers to the assessment questions are captured by the tool. This allows the tool to record the participant’s progress, ask questions based on previous answers and display relevant case studies and other material. The answers are also used to create the tailored end report.

The answers provided by all participants are stored in anonymised aggregate and may be used to identify areas where additional guidance and information is required.

Non-identifiable data storage

The multiple-choice answer data is stored in a temporary data store, and synced with a long-term data store to enable anonymised, aggregated reporting. The synching process occurs twice each day.

Temporary data expires:

  • 72 hours after all modules are completed and end reports generated
  • seven days from when a participant last accessed the assessment tools
  • 90 days from when the unique reference code was generated.

Unique reference code

Participants are given a unique reference code when they first login, so the assessment can be completed over several sessions. Participants must login at least every seven days to keep this reference code valid. After 90 days, all data from the temporary data store expires to protect the anonymity of our users.

More information

For more information, please see the privacy policy, which provides further information about how eSafety handles personal information.