To process your data, we need to ensure we meet one of six lawful reasons as required by the GDPR (General Data Protection Regulation).
As a public authority; our reasons will typically be because we must process your data to meet a legal obligation to do so or that we can carry out a task in the interests of the public. Detailed information on which lawful reasons apply for each of our services can be found in our privacy notices.
The GDPR says that you have the following rights with regard to your personal data held by any organisation.
1. Your right to be informed
When directly collecting your personal data, we will explain exactly what will happen to it using a Privacy Notice. If we collect personal information about you from another organisation (indirectly), we will provide you with similar information, as well as explaining where we got your information from.
2. Your right to access
You can request a copy of all, or part of, the personal data we hold about you by submitting a Subject Access Request (SAR). A guide to submitting a Subject Access Request can be found on the Information Commissioner's website.
You will need to provide enough detail about yourself to enable us to identify your personal data, such as your name, address, and what contact you have had with the Service.
You will also need to provide us with a description of the information you are looking for to enable us to locate it. Please be as specific as you can to assist our search.
We will also require proof of your identity. This can be a copy of your driving licence, birth certificate, or passport. Copies of your proof of identification will be destroyed once the SAR has been completed.
Will there be a charge?
Information requested as a SAR will be provided free of charge (unless you are asking for additional copies of information previously supplied, or we have good grounds to consider the requests unfounded or unnecessary).
How long will it take?
We will acknowledge your request upon receipt. Once proof of ID and any fee has been received, you will receive the information requested within one month.
However, if your request is complex or numerous requests have been made, we may be required to extend this to up to three months. If this is the case, we will contact you within one month of receiving your request to notify you and provide a full explanation.
What will I receive?
You have the right to all of the personal data about you that we hold. However, there are some exemptions that we will explain if relevant.
Any decision to disclose another individual’s information to you will be made on a case-by-case basis. We will endeavour to supply the information in the requested format.
Requests made on your behalf (for example, by a solicitor, relative or friend) will require written evidence of their authority to make such a request and must satisfy us that they are entitled to do so.
We would also need to be satisfied that you understand what information may be disclosed to someone acting on your behalf. In some circumstances, we may send the information directly to you.
If you would like to make a Subject Access Request please contact the Information Governance Manager.
Telephone 01392 872582.
3. Your right to rectification
If you discover that the personal data we hold about you is inaccurate or incomplete, you have the right to instruct us to correct it and we must comply with this instruction within one month.
You must be clear about exactly what you believe is inaccurate and how we must correct it, providing evidence of the inaccuracies where available.
We will confirm that we have corrected your personal data. However, if we consider that your data does not need to be corrected, we will tell you why. Either way, we will respond to your request within one month (or up to three months for complex requests).
4. Your right to erasure
The right to erasure gives you the option to request the deletion or removal of your personal data where there is no reason for us to continue to use it.
The right is not absolute and we will not delete personal data which we still need to fulfill our official responsibilities as a fire service. We will notify you if this is the case.
5. Your right to restriction
You have the right to request that we restrict any processing of your personal data until any errors have been rectified. In this situation, the right to restrict is not stand-alone and can be applied in tandem with the right to rectification.
The right to restriction can also be applied in other situations. If you are concerned that we may be processing data about you in a manner that isn’t fair and lawful, you can request that processing is restricted while you pursue a complaint / determine our condition for processing.
We will consider your request and reply within one month (or three months for complex cases) with the outcome.
6. Your right to portability
The right to data portability is very unlikely to apply for information held by a fire service. This is because it is exempt from reliance on lawful reasons to process data including having a legal obligation or carrying out a task in the interest of the public. We will of course consider such requests and respond within one month.
7. Your right to object
You have the right to object to us processing your personal data for the purposes we consider to be in the public interest whilst exercising our official authority as a fire service. If you do raise an objection we will stop using your personal data, unless we are able to prove overriding legitimate grounds for doing so.
8. Rights relating to automated decision making
We use Mosaic data that categorises groups of people into types based on demographic characteristics, lifestyles and behaviour. We merge this with our own incident data to understand what ‘type’ of person is more likely to have a fire than another one. We use the information to help us prioritise those most vulnerable to fire death. Location data such as addresses and whether occupants are over a specific age are factors in how we prioritise.
For more information on your rights under the GDPR see the Information Commissioner's website.
Should you wish to exercise any of your rights, you can contact us.
Due to the diverse nature of our services, we would require information from you in order to confirm your identity and the services you received. Examples of this are below.
- Did you call 999? If yes, we would need approximate details about the date, time, and reason for your call, including your contact details at the time of the call.
- Have you received a Home Safety Visit? If yes, we would need approximate details about the date, and reason for your visit, including your contact details at the time of the visit.
We will acknowledge your request upon receipt and respond fully within 30 days. In some cases, we may require additional time to comply with your request. If this is the case, we will notify you within the first 30 days following receipt of your request.
In most cases, we will not charge a fee. However, where the request is manifestly unfounded, excessive, or duplicated we may charge a “reasonable fee” for the administrative costs of complying with the request. If we do intend to charge a fee, we will notify you upon receipt of your request.
The Information Governance Manager holds the role of the Data Protection Officer (DPO) for the Service. The DPO is your main point of contact should you have a concern about how your personal information is being managed and their contact details are:
telephone 01392 872582.