Cambridgeshire Fire and Rescue Service (CFRS) collects and uses your data in order to carry out our public duties. This privacy notice is designed to give you a clear explanation of our data processing policies. Please note, we periodically review this notice and it may be amended in future to reflect any changes in our services, the law or our organisation.
As a Data Controller we have a legal requirement to make sure you know what we intend to do with your information and who it will be shared with. Any personal information you provide will be processed in accordance with the Data Protection Act (DPA) (2018) and UK General Data Protection Regulation (UK GDPR). All employees or volunteers who have access to your personal data or are associated with the handling of that data are trained and obliged to keep your data confidential and CFRS has appropriate procedures in place for the unlikely event of your information being misused.
Why do we collect information about you?
We need to collect and hold information about you, in order to:
- Deliver public services relating to fire and rescue services and fire safety
- Confirm your identity to provide some services
- Contact you by post, email or telephone
- Understand your needs to provide the services that you request
- Obtain your opinion about our services
- Help us understand how we are performing our public duty to the communities we serve and identify how our services may need to evolve
- Allow us to undertake statutory functions efficiently and effectively.
To process your data, we need to ensure we meet at least one of the six lawful reasons as required by the DPA (2018). As a Public Authority; our reasons will typically be because we must process your data to meet a legal obligation to do so or that we can carry out one of our designated public tasks as a fire service. Other reasons may include:
- To carry out our public duties of a Fire and Rescue Service from the Fire and Rescue Services Act 2004.
- To meet our duties under the Equality Act 2010.
- To work with other public organisations such as the police, ambulance service and local councils for public safety including community emergency responses under the Civil Contingencies Act 2004.
- For the investigation, detection and prevention of crime or if we are required to do so by law.
- To protect someone from danger from themselves or others. This could be danger to you, people around you, our staff or staff in other services like the Police or Ambulance Service.
- Explicit consent for activities that help us in carrying out our public power of improving general community safety.
- For staff recruitment, employment or social security reasons.
Who might we get your personal information from?
- Your family members, employer or representative.
- Your landlord.
- Other public bodies such as the police, ambulance service, local councils and the NHS.
- Charities and support services who you have given permission to share your information for fire safety reasons.
- Other organisations such as companies who you have given permission to share your information for security or key holding purposes.
Do we share your information?
When necessary, your personal data will also be provided to companies who carry out some services or functions on behalf of CFRS (“data processors”), to other public bodies - such as the police, local authorities and NHS – and sometimes to non-statutory organisations. In these cases we will inform you which of the information we intend to share and which organisations it will be shared with. Any organisation we do share your information with will also be obliged to protect it in line with the DPA (2018).
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
We may also share information with the police, intelligence services and other agencies where required to by law for the investigation of fraud under the National Fraud Initiative.
To find out more about the data collection requirements placed on us by the Home Office (for example; regarding incidents and prevention work) go to: https://www.gov.uk/government/collections/fire-statistics.
How do we keep your data safe?
We are committed to keeping your personal data safe. Our aim is not to be intrusive, and we will only ask you for the information that is necessary for us to complete the task for which it is collected. We have physical, electronic and organisational procedures to protect and safely use the information that we hold about you. These include:
- Secure work areas.
- Information security training for our staff.
- Access controls on information systems.
- Encryption of personal data.
- Testing and checking security controls.
- Checking privacy when we change how we use or store personal information.
- Written contracts with companies we use for storing information.
The information you provide can be held in a variety of systems and formats. This can include but is not limited to information held in Cambridgeshire Fire and Rescue Service data management systems, written correspondence, emails, photographs, audio recordings and video recordings, including CCTV and aerial drone footage.
Where we use more sensitive data, like health information, we protect this information with extra controls. We also use anonymised data wherever we can, so individuals can't be identified.
How long will you keep my data?
We will not keep your information longer than it is needed or where the law states how long this should be kept and we will dispose of paper records or delete any electronic personal information securely.
What are my rights?
Under the DPA (2018) you have several statutory rights relating to your own personal data:
- Access - you have the right to know what data we hold relating to you and why, and to receive a copy of it
- Rectification - you have the right to have inaccurate information about you corrected
- Objection - you have the right to object to us using your information, and we would have to stop unless we have a legally sound overriding reason to continue
- Erasure, restriction and portability - in specific circumstances, you have the right to have your personal data deleted, to put limits on what we may do with it or to receive a copy in machine-readable form to take to another organisation
- There are also specific legal rights relating to automated decision making but we do not currently have any such processes to support the delivery of our public services.
For more information on your rights under the GDPR see https://ico.org.uk/for-the-public/
How do I exercise my rights?
We are required by law to have a designated Data Protection Officer (DPO). If you wish to exercise any of the rights described above, have a query on how personal data is handled within our organisation or just want further information and advice you can contact our DPO using the following contact details:
Data Protection Officer
Cambridgeshire Fire and Rescue Service
Phone: 01480 444500
Who do I contact if I am not satisfied?
In the first instance you can make a complaint to us. Please see the Contact Us section on our website.
You can complain to or seek advice from the Information Commissioner’s Office (ICO) (www.ico.org.uk):
Tel: 0303 123 1113