Data Processing

Operation Configured holds limited data in order to fulfil our policing function of crime prevention. You can choose to opt out of future notifications from this specific operation at any time.

The information here should be read in addition to the wider information about how Thames Valley Police manage and process data.

Operation Configured draws data from other data sources and performs our own analysis and enrichment in order to attempt to identify the person or people who have some technical ownership of any internet connected device which we geolocate to our region. The data we may use to do this includes:

  • Internet Protocol (IP) address of the vulnerable asset
  • Associated vulnerability
  • Contact name, email address, telephone number or postal address
  • Other data from WHOIS internet records

Operation Configured hold this data only for as long as necessary in order to try and make contact with the right person who can be given relevant information about their vulnerable asset. Once contact is made, this data will be held for a maximum period of 3 months in case further contact is necessary. At the earliest opportunity, data is anonymised to remove personally identifiable information and only performance related information is retained.

Should you wish to opt-out of further correspondence about a particular vulnerability, please email and make clear in both the subject line and email body that the purpose of contact is to opt-out. Please note, we can only record specific emails as opting-out and not entire organisations.