FAIR PROCESSING AND PRIVACY NOTICE
Last updated: October 2022
Leicestershire Fire and Rescue Service (LFRS) is committed to protecting your personal data and sensitive information by:
- Complying with both law and good practice
- Respecting individuals’ rights and complying with requests where possible and in line with legislative guidelines
- Being open and honest with individuals whose data is processed
- Processing your personal data fairly and in ways you would reasonably expect us to
- Using lawful conditions such as your consent to process and other lawful basis where we cannot obtain your consent, or when it is not required by us
- Providing training and support for staff who handle personal data, so that they can act confidently and consistently and reduce the risk of data breaches
- Ensure retention and disposal of personal data is adhered to
- Implement appropriate technical and organisational security measures to safeguard personal data
- Ensure personal data is not transferred or processed outside of the European Economic Area or United States of America without suitable safeguards and adequate protection being in place
- Ensure the quality of personal data processed by the Fire and Rescue Service
Personal data means any information about a living individual who could be identified. This includes name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, family details including their relationship to you. Certain categories of personal data (special category “sensitive” data) have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric or data concerning sex life or sexual orientation. This privacy notice explains how we use your information and how we protect your privacy to ensure we are complying with our Data Protection Policy. The processing of personal data is covered by the United Kingdom General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please click on the headings below to find out more:
To deliver our services effectively, we may need to collect and process personal data about you. We collect data using:
- Online forms
- Telephone calls
- Personal contact including visits
- Letters and paper forms
- Video conferencing
To process Information Governance related communications including:
- Concerns – Non Fire Safety / Fire Safety
- General enquiries
- Data protection Subject Access Requests (SAR)
- Data Protection third party SARs
- Freedom of Information Act (FOIA) requests
- Environmental Information Regulations (EIR) requests
- Insurance/liability claims – for our Privacy notice please click here.
We collect and use different kinds of information in our emergency Fire Control Room, including for receiving 999 calls and responding to an emergency and managing our Service. We collect:
- Incident details, including location
- Names and contact numbers of people who ring to report an emergency or other type of call
- Names and contact numbers of people who we need to work with from other emergency services and organisations
- Details about casualties and their health
- What services have been provided and to who
- Audio recording of all calls including 999 calls and radio messages sent from and to our vehicles
- Information about buildings that might affect how we respond to an emergency, for example, stored flammable goods
To view and download our Fire Control personal data processing privacy notice, please click here. For advising on fire risks at home:
- Personal details – for example, name, age, address
- Contact information
- Physical or mental health details
- Lifestyle and social circumstances relating to fire risk or other high risks
- Opinions and decisions on fire safety
- What services have been provided and to who
To identify community fire risks:
- Locations of fire related incidents
- Addresses of fire related risks, for example, occupiers over 65, or threats of arson
To deliver community safety events and messages to the public that promote our services:
- Personal details – for example, name, age, address
- Contact information
For business fire safety advice and enforcement action:
- Names and addresses
- Contact information
- Licenses, certificates held
- Opinions and decisions on fire safety
Video images and audio recordings are termed ‘moving images’, we capture:
- Building mounted CCTV cameras recording video
- Vehicle mounted CCTV cameras recording video on fire engines [full notice please click here]
- Vehicle mounted ‘dashcam’ video recording in cars [full notice please click here]
- Body worn video cameras on people for specialist functions
- Video cameras and audio recording in meeting rooms
- Video camera inside the common areas of our buildings
We also capture static images, photographs and process them as personal data.
For the full fair processing and privacy notice in relation to photographs, video and audio in our Service Headquarters Building, please click here.
We do not perform any covert surveillance of any type; covert surveillance is that carried out in a manner calculated to ensure that subjects of it are unaware it is, or may be taking place. All buildings and fire appliances where CCTV are fitted display awareness signs.
For the management and monitoring of our staff from time of recruitment to end of Service:
- Recruitment and selection
- To view or download our Recruitment System Fair Processing and Privacy Notice, please click here.
- Their health, safety and welfare
- The administration of their salary, wage, pension, sickness, maternity, travel / subsistence payments and any other monies
- Their training and development requirements, including Service exercises
- To view or download our Service Exercises Privacy Notice, please click here
- Employee relations. Such as human resource planning, conduct, equal opportunities, employee consultation, appraisals, disciplinary and grievance issues
- The assessment and arrangement of insurance cover where this is required. Such as for car leasing purposes
- The monitoring of vehicle use and employee driving habits
- To view or download our Fleet Monitoring System Fair Processing and Privacy Notice, please click here.
- The operational, day-to-day management and administration of employees by line managers
- For access control to our premises, car parks and other automated equipment/systems
To check our services meet legal duties, including for diversity and equality of opportunity:
- Age group
- Gender identity and re-assignment
- Marriage and Civil Partnerships
- Pregnancy and maternity
- Racial or ethnic origin
- Religious or other beliefs
- Sexual orientation
We will not:
- Sell or rent your data to third parties
- Share your data with third parties for marketing purposes
- We use personal information about members of the public, businesses and organisations to provide fire prevention, fire protection and emergency services to the communities that we serve. We also collect and use the personal information of our staff. This includes:
- Firefighting, responding to road traffic collisions and other emergency situations
- Carrying out home safety visits
- Fire investigations at homes, business and public areas
- Fire prevention awareness, advice and assistance
- Business fire safety advice and inspections
- Regulatory, licensing and enforcement actions for business fire safety
- Improving community safety
- Reducing arson
- Checking and auditing the quality and effectiveness of our services, systems and processes
- Maintaining our own records and accounts
- To check our services meet legal duties, including for diversity and equality of opportunity
- Where you have agreed for asking your opinions about our services
- Supporting and managing our staff
- Reducing crime in the form of theft, fire, vandalism, physical and verbal abuse to its personnel and property by aiding prevention through deterrence and detection.
- Providing a safer and a more secure environment for all personnel working within our premises, or any members of the public with lawful reasons for being at the premises.
- Maintaining the security of our buildings and associated contents.
- Providing a safer and a more secure environment for all personnel working on all frontline fire appliances and reducing crime in the form of theft, fire, vandalism, physical and verbal abuse to its personnel while working around the Service area and any other area are staff are required to attend.
- Carrying out our tasks as a Public Authority Fire and Rescue Service.
- Training and debriefing our staff.
- To ensure we are able to provide evidence in pursuit of fair and objective outcomes when carrying out investigations of any nature
- Investigating complaints about our services
- In enabling and supporting the Service to comply with legislation, for example the Health and Safety at Work Act 1974, The Fire and Rescue Services Act 2004, The Data Protection Act 2018
- Data is collected on behalf of the Home Office for research and statistical purposes only. This includes data following emergency incidents that we have attended. More information on this can be found here
- To prevent and detect fraud in the use of public funds including our participation in the National Fraud Initiative. Our Privacy Notice including links to more Government information on this can be found here
LFRS has due regard to the Data Protection Act 2018, the General Data Protection Regulation (GDPR) 2016 and any subsequent data protection legislation. The lawful basis for processing that we apply are set out in Article 6 of the GDPR.
There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend upon our purpose and relationship with the individual. At least one of these must apply whenever we process your personal data:
Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (Note: This cannot apply if we are processing data to perform our official tasks.)
When we process special category data (sensitive personal data) we identify both a lawful basis for general processing and an additional condition for processing this type of data. Special category data is:
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical beliefs;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
At least one of these must apply whenever we process your special category personal data:
(a) Explicit consent
(b) Employment, social security and social protection (if authorised by law)
(c) Vital interests
(d) Not-for-profit bodies
(e) Made public by the data subject
(f) Legal claims or judicial acts
(g) Reasons of substantial public interest (with a basis in law)
(h) Health or social care (with a basis in law)
(i) Public health (with a basis in law)
(j) Archiving, research and statistics (with a basis in law)
We are committed to keeping your personal data safe. We have physical, electronic and organisational procedures to protect and safely use the information that we hold about you. These include:
- Secure work areas
- Information security training for our staff
- Access controls on information systems
- Encryption of personal data
- Testing and checking security controls
- Checking privacy when we change how we use or store personal information
- Written contracts with any companies we use for storing information
Where we use more sensitive data, like health information, we protect this information with extra controls. We use anonymised data wherever we can, so individuals cannot be identified. Our commitments are published in our policies and procedures, the main documents that relate to compliance with this Privacy Notice are:
- Overarching information governance and data policy
- Data protection policy
- Information Communications Technology security policies.
- Your family members, employer or representative
- Your landlord
- Other public bodies such as the police, ambulance service, local councils and the National Health Service
- Charities and support services you have given permission to share your information for fire safety or other reasons
- Other organisations such as companies who you have given permission to share your information for security or key holding purposes
Sometimes, we share personal information about you with others. These organisations include, but are not limited to:
- Other blue light emergency services, for example the Police and Ambulance so we can respond to incidents
- Other commercial, military or civil organisations in the event we use third parties to respond to incidents during periods of industrial action
- Public utilities, for example to cut off a gas supply in an emergency
- Local councils, if we have serious concerns about your wider safety that a local council can help with
- Welfare organisations, if you agree to your information being shared unless in a ‘life or death’ situation or where you are at risk of significant harm
- Central government, for example anonomised information about our activities used for national fire statistics
- Courts and law enforcement, prosecuting authorities, solicitors
- Insurance companies and loss adjusters where they are authorised to act on your behalf following an incident at your property
- The Department for Work and Pensions, other local authorities, Her Majesty’s Revenue and Customs, and the Police for criminal matters.
- National Fraud Initiative to prevent or detect financial fraud or crime.
LFRS will in certain circumstances disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to:
- Conform to the edicts of the law or comply with legal process served on LFRS
- Protect and defend the rights or property of LFRS
- Act under exigent circumstances (an emergency situation requiring swift action to prevent imminent danger to life or serious damage to property, or to forestall the imminent escape of a suspect, or destruction of evidence) to protect the personal safety of users of LFRS, or the public.
We may use commercial companies to store and manage your information on our behalf. Where we do this, there is always a contract to ensure that the requirements of the GDPR on handling personal data are met.
We only keep your information for as long as we need it. This is to meet our legal responsibilities, in line with recommended best practice and sometimes for our organisational needs in managing a Public Authority Fire and Rescue Service.
We are always reviewing and adding to our processing records, so for up to date information please contact our Data Protection Officer who will be able to share our personal data retention schedules with you, Email: firstname.lastname@example.org
In general, you have the right to request that LFRS:
- Provides a copy of your personal information.
- Corrects any errors in your personal information and restrict processing of your personal data until completed.
- Considers your objection to the processing of your personal data and depending on the service and legal basis stops all or some of that processing. “Processing” means the collecting, storing, amending, disclosing, sharing and destruction of your data.
- Erases your personal information, depending on the service and legal basis.
- Withdraws your consent deletes your, if consent is used as the legal
basis for the service.
- Informs of automated decision making, including profiling for the service.
Where possible we will try to meet your request but we may need to hold, retain or process information to comply with a legal duty. If you want a copy of, or a description of, the personal data we hold that relates to you, please ask in writing, by letter, fax or email. You can use our Subject Access Request (SAR) form in PDF format below which you can download, fill in and send to us. Please be as specific as possible about the information you want.
We will reply with your information within one month of receipt, or from the day on which we have the necessary information to confirm your identity. There are some lawful restrictions on information we send you, for example, other people’s personal information. You may be entitled to correction, restriction, objection, and erasure of your personal information depending on the service and legal basis. Please send your request: Post: Subject Access Request, Service Information Team, Leicestershire Fire and Rescue Service Headquarters, 12, Geoff Monk Way, Birstall, Leicester, LE4 3BU. Email: email@example.com
If you have any concerns about how we process your personal information, please contact Leicestershire Fire and Rescue Service’s Data Protection Officer by calling 0116 210 5555, emailing firstname.lastname@example.org or in writing by post:
Data Protection Officer
Information Governance Department
Leicestershire Fire and Rescue Service Headquarters
12 Geoff Monk Way
If you are not happy with how we deal with your concern, you can contact the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website www.ico.org.uk, their helpline on 0303 123 1113, or in writing to:
Information Commissioner’s Office
You are able to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Information on how to block cookies can usually be found within the “Help” feature of your browser. Information can also be found on the main browser websites. www.apple.com/safari (Apple Safari) www.google.com/chrome (Google Chrome) www.microsoft.com (Internet Explorer) www.mozilla–europe.org/en/firefox (Mozilla Firefox) www.opera.com (Opera)
We will continually review and update this Privacy Notice and those Notices relating to specific areas of our functions to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice.
Health data has been produced by the Chief Fire Officers Association (CFOA) and NHS England to help identify over 65s and vulnerable households in order to deliver vital Home Fire Safety Checks and safety referrals. NHS England, the Royal College of General Practitioners and Fire and Rescue Services (FRS) in England work together to share information (where relevant, proportionate and necessary) to allow Fire Service personnel to undertake home safety assessments for those who would benefit from a visit. The majority of fire deaths in the UK occur amongst the elderly population. However older people are most vulnerable to fire and a number of other risks. A home visit from the FRS is proven to make them safer and can reduce risk significantly. In one area of the United Kingdom where this work has been piloted since 2007, there has been a significant reduction in fire deaths and injuries which has developed into a current trend well below the national average. So we know this work can save many lives. The FRS and NHS will continue to work together in the future to ensure the visits undertaken by the FRS are effective in helping make people safe and well.
This notice is to tell you about why we need your information and how we will handle it. This notice is for: Monitoring satisfaction with our emergency response service, otherwise known as the After the Incident survey.
What Information do we need from you?
We need to know the following about you:
- Information about your incident
- Your opinion about how well we performed
- Information about you:
- Gender Identity
- Sexual Orientation
- Home/business postcode
Why do we need this?
We need this information to:
- Demonstrate how well we perform in an emergency
- Improve the service we provide in an emergency
- Ensure that we are meeting the different needs of the community that we serve
The information that you provide will be linked to information that we collect about the incident itself. This will be used to carry out further analysis on our performance and will be made available in an aggregated form in an annual report.
Why are we allowed to process your information?
Data protection law allows us to process your information within certain conditions. In this case we are using your consent as the lawful condition for us to do this. We also need an appropriate lawful reason to process sensitive data. In this case we are processing your sensitive personal data because you have given your consent.
Who will we share this with?
Sometimes we need to share your information with others. We will only do this when it is necessary in order to offer you this service, or if we are required to do so by law. We do not plan to share it with anyone else or use it for anything else. In this instance we will share your information with Leicestershire County Council who are carrying out the survey on our behalf.
How will we keep it secure?
We will take all reasonable steps to prevent the loss, misuse or alteration of your personal information. Only the people who need to see your personal information will be allowed access to it. We will not send your information outside of the UK.
How long will we keep it for?
We will only keep this information for as long as necessary or as the law requires. For this service that would normally be three years.
What if something changes?
If the information you provided changes or your circumstances change, please contact the Data Protection Officer by emailing email@example.com. If we need to change something like who we want to share this information with, we will contact you to let you know.
What are your rights?
Details about your information rights can be found above.
Data Protection Fair Processing and Privacy Notice
Leicestershire Fire and Rescue Service regard your privacy as important and comply with the Data Protection Act 2018. We are recording this personal information about you in order for us to monitor satisfaction with our Fire Safety Inspections and ensure that it does not discriminate against people based on their age, sex and other personal characteristics.
We will collect your personal information to use for this specific purpose and only collect the minimum we need. Data protection law allows us to process your information within certain conditions. In this case we are using your consent as the lawful condition for us to do this. We also need an appropriate lawful reason to process sensitive data. In this case we are processing your sensitive personal data because you have given your consent.
We may share information recorded in this form with others in the Service, it will first be anonymised so you cannot be identified. Your personal data is held securely on our system and will not be shared with any other third party outside of the Service unless we have your consent to do so or as required by law.
The information you provide will be held for a period of time defined in our retention and disposal schedule that is 5 years from the date you submitted your information, you also have the right to request that we stop processing your personal data.
Further information can be obtained from our Data Protection Officer by emailing firstname.lastname@example.org or telephone 0116 2872241. You can also find our general privacy notice on our website https://leics-fire.gov.uk/privacy/