Cambridgeshire Fire and Rescue Service (CFRS) collects and uses your data in order to carry out our public duties. This privacy notice is designed to give you a clear explanation of our data processing policies. Please note that we periodically review this notice and it may be amended in future to reflect any changes in our services, the law or our organisation.
As a Data Controller we have a legal requirement to make sure you know what we intend to do with your information and who it will be shared with. Any personal information you provide will be processed in accordance with the Data Protection Act (DPA) (2018). All employees or volunteers who have access to your personal data or are associated with the handling of that data are trained and obliged to keep your data confidential and CFRS has appropriate procedures in place for the unlikely event of your information being misused.
Why do we collect information about you?
We need to collect and hold information about you, in order to:
- Deliver public services relating to fire and rescue services and fire safety
- Confirm your identity to provide some services
- Contact you by post, email or telephone
- Understand your needs to provide the services that you request
- Obtain your opinion about our services
- Help us understand how we are performing our public duty to the communities we serve and identify how our services may need to evolve
- Allow us to undertake statutory functions efficiently and effectively.
To process your data, we need to ensure we meet at least one of the six lawful reasons as required by the DPA (2018). As a Public Authority; our reasons will typically be because we must process your data to meet a legal obligation to do so or that we can carry out one of our designated public tasks as a fire service.
Detailed information on which lawful reasons apply for each of our services can be found via the below links:
Do we share your information?
When necessary, your personal data will also be provided to companies who carry out some services or functions on behalf of CFRS (“data processors”), to other public bodies - such as the police, local authorities and NHS – and sometimes to non-statutory organisations. In these cases we will inform you which of the information we intend to share and which organisations it will be shared with. Any organisation we do share your information with will also be obliged to protect it in line with the DPA (2018).
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
We may also share information with the police, intelligence services and other agencies where required to by law for the investigation of fraud under the National Fraud Initiative.
To find out more about the data collection requirements placed on us by the Home Office (for example; regarding incidents and prevention work) go to: https://www.gov.uk/government/collections/fire-statistics.
How do we keep your data safe?
Our aim is not to be intrusive, and we will only ask you for the information that is necessary for us to complete the task for which it is collected. The information you provide will be subject to rigorous and regularly reviewed procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it and that the systems it is held in are secure.
The information you provide can be held in a variety of systems and formats. This can include but is not limited to information held in Cambridgeshire Fire and Rescue Service data management systems, written correspondence, emails, photographs, audio recordings and video recordings, including CCTV and aerial drone footage.
How long will you keep my data?
We will not keep your information longer than it is needed or where the law states how long this should be kept and we will dispose of paper records or delete any electronic personal information securely.
What are my rights?
Under the DPA (2018) you have several statutory rights relating to your own personal data:
- Access - you have the right to know what data we hold relating to you and why, and to receive a copy of it
- Rectification - you have the right to have inaccurate information about you corrected
- Objection - you have the right to object to us using your information, and we would have to stop unless we have a legally sound overriding reason to continue
- Erasure, restriction and portability - in specific circumstances, you have the right to have your personal data deleted, to put limits on what we may do with it or to receive a copy in machine-readable form to take to another organisation
- There are also specific legal rights relating to automated decision making but we do not currently have any such processes to support the delivery of our public services.
For more information on your rights under the GDPR see https://ico.org.uk/for-the-public/
How do I exercise my rights?
We are required by law to have a designated Data Protection Officer (DPO). If you wish to exercise any of the rights described above, have a query on how personal data is handled within our organisation or just want further information and advice you can contact our DPO using the following contact details:
Cambridgeshire Fire and Rescue Service
Cambridgeshire PE29 2NA
Phone: 01480 444500
Who do I contact if I am not satisfied?
In the first instance you can make a complaint to us. Please see the Contact Us section on our website here. http://www.cambsfire.gov.uk/contact-us-394.aspx
You can complain to or seek advice from the Information Commissioner’s Office (ICO) (www.ico.org.uk) at
Tel: 0303 123 1113