FAIR PROCESSING AND PRIVACY NOTICE

Last updated: OCTOBER 2023

 

Who we are and our contact details

Leicestershire Fire and Rescue Service (LFRS) [us/we/our] are a Public Authority and the Data Controller for determining the purpose and means of processing your personal data. Personal data means any information about a living individual who could be identified. You can contact us:

Address:
The Data Protection Officer,
Information Governance Department,
Leicestershire Fire and Rescue Service Headquarters,
12, Geoff Monk Way,
Birstall,
Leicester

LE4 3BU

Email:        dpo@leics-fire.gov.uk

Telephone:   0116 210 5555

Or via our Social Media Channels – see links on our Website home page: HERE

Our Personal Data commitment to you

Leicestershire Fire and Rescue Service (LFRS) is committed to processing and protecting your personal data and sensitive information by:

  • Complying with both the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, other applicable law, and good practice
  • Respecting your individual rights and complying with requests where possible and in line with legislative guidelines, explaining our reasons to you when we cannot comply with your request
  • Being open and honest with you when processing your personal data and giving you access to the information we hold about you
  • Processing your personal data fairly and in ways you would reasonably expect us to
  • Using lawful conditions such as your consent to process your personal data or other lawful basis where we cannot obtain your consent or do not need to do so
  • Providing training and support for our staff who handle your personal data, so that they can act confidently and consistently and reduce the risk of personal data breaches occurring
  • Ensure the quality of personal data processed by LFRS is the most up to date and accurate it can be, only collecting what we need to in order to meet our statutory duties and provide you with a Fire and Rescue Service
  • Ensure we only keep your personal data for as long as necessary before securely destroying and in line with legislative requirement and best practice, sometimes this means permanently
  • Implement appropriate technical security measures including robust cyber security to safeguard your personal data, responding quickly to any known or suspected unauthorised information access events
  • Implement policies and procedures to ensure we have effective governance in place to manage and protect your personal data, quickly containing any personal data breaches where we can and thoroughly investigating to identify risks to you
  • Deal with complaints swiftly, thoroughly, impartially, and confidentially; Adopt a positive professional approach by using complaints as an opportunity to take actions to improve the service we provide. Inform the Information Commissioner (ICO) where we deem it appropriate to do so
  • Ensure personal data is not transferred or processed outside of the European Economic Area without suitable safeguards and adequate protection being in place

This Privacy Notice explains how we use your information and how we protect your privacy to ensure we are complying with our Personal Data Policy: HERE. Please click on the headings below to find out more:

How we collect your Personal Data

To deliver our services effectively, we may need to collect and process personal data about you. We may collect data using:

  • Online forms
  • Telephone calls
  • Personal contact including visits, events, meetings+
  • Letters and paper forms
  • Emails
  • Video conferencing meetings and recordings
  • Video recording
  • Still images/Photographs
  • Audio recording of all calls to and from our Fire Control Room including non-emergency calls, 999 calls and radio messages sent from and to our vehicles during our emergency and non-emergency response processes
  • Audio recordings under Police and Criminal Evidence Act (PACE) standards and interview process for civil prosecution

Video images and audio recordings are termed ‘moving images’, we capture:

  • Building mounted CCTV cameras recording video
  • Vehicle mounted CCTV cameras recording video on fire engines
  • Vehicle mounted ‘dashcam’ video recording in cars
  • Body worn video cameras on people for specialist functions
  • Video cameras and audio recording in meeting rooms
  • Video cameras inside the common areas of our buildings

We do not perform any covert surveillance of any type; covert surveillance is that carried out in a manner calculated to ensure that subjects of it are unaware it is, or may be taking place. All LFRS buildings and vehicles where CCTV are fitted display awareness signs to inform you where we are capturing your images.

The categories of individuals (Our Data Subjects)

Commercial sole traders
Community
Contractors
Consultants
Other Fire and Rescue Services
Other Blue Light Emergency Services
Our employees
Our temporary staff including Intern and Agency
Our Volunteers
Our apprentices
Partner Authorities/Organisations
Suppliers / Service Providers

Why we collect your Personal Data

To process Information Governance related communications including your:

  • Complaints
  • Concerns – Non Fire Safety / Fire Safety
  • Compliments
  • General enquiries
  • Data protection Subject Access Requests (SAR)
  • Data Protection third party Subject Access Requests (those made on your behalf with your authority)
  • Freedom of Information Act (FOIA) requests
  • Environmental Information Regulations (EIR) requests
  • Insurance/liability claims
  • Checking and auditing the quality and effectiveness of our services, systems and processes
  • Maintaining our own records and accounts
  • Our procurement of goods and services
  • To check our services meet legal duties, including for diversity and equality of opportunity
  • Data is collected on behalf of Government, His Majesties Inspector of Constabularies and Fire and Rescue Services (HMICFRS), National Fire Chiefs Council, external and internal audit and other interested parties

The protection of our buildings, sites and staff:

  • Reducing crime in the form of theft, fire, vandalism, physical and verbal abuse to its personnel and property by aiding prevention through deterrence and detection
  • Providing a safer and a more secure environment for all personnel working within our premises, or any members of the public with lawful reasons for being at the premises
  • Maintaining the security of our buildings and associated contents
  • Providing a safer and a more secure environment for all personnel working on all frontline fire appliances and reducing crime in the form of theft, fire, vandalism, physical and verbal abuse to its personnel while working around the Service area and any other area are staff are required to attend

We use personal information about members of the public, businesses and organisations to provide fire prevention, fire investigation, fire protection and emergency services to the communities that we serve or advising on fire risks and other risks in your home or place of residence:

  • Carrying out home safety visits
  • Lifestyle and social circumstances relating to fire risk or other high risk
  • Opinions and decisions on fire safety
  • What services have been provided and to who
  • Information about those within our communities who are vulnerable
  • Information for safeguarding purposes (including children under the age of 18)
    • Fire investigations at homes, business and public areas
    • Fire prevention awareness, advice and assistance
    • Business fire safety advice and inspections
    • Regulatory, licensing and enforcement actions for business fire safety
    • Reducing arson and anti-social behaviour
    • To deliver community safety events and messages to the public that promote our services

For our Fire Control Room , including for receiving 999 calls and responding to an emergency and managing incidents; and during our operations at operational incidents we attend:

  • Firefighting, responding to road traffic collisions and other emergency situations
  • Carrying out our statutory duty and tasks as a Public Authority Fire and Rescue Service
  • Enabling and supporting LFRS to comply with legislation, for example the Health and Safety at Work Act 1974, The Fire and Rescue Services Act 2004
  • Exercises to test how our policies and procedures are working
  • Training and debriefing our staff

For the management and monitoring of our staff from time of recruitment to end of Service including:

  • Recruitment and selection
  • Promotions
  • Health and well-being, safety and welfare
  • Investigations including health and safety, disciplinary and ‘near misses’
  • The administration of salary, wage, pension, sickness, maternity, travel / subsistence payments and any other monies
  • Training and personal development, including Service exercises
  • Employee relations. Such as human resource planning, conduct, equal opportunities, employee consultation, appraisals, disciplinary and grievance issues
  • The assessment and arrangement of insurance cover where this is required. Such as for car leasing purposes
  • The off-line monitoring of vehicle use and employee driving habits
  • The operational, day-to-day management and administration of employees by line managers
  • For access control to our premises, car parks and other automated equipment/systems

To check our services meet legal duties, including for diversity and equality of opportunity:

  • Age group
  • Gender identity and re-assignment
  • Marriage and Civil Partnerships
  • Pregnancy and maternity
  • Disability
  • Racial or ethnic origin
  • Religious or other beliefs
  • Sexual orientation

We will not:

  • Sell or rent your data to third parties
  • Share your data with third parties for marketing purposes
How we lawfully process your Personal Data

LFRS has due regard to the Principles and requirements of the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR) and any subsequent data protection legislation.

There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend upon our purpose and relationship with you. We will apply at least one of these whenever we process your personal data:

Consent: you have given clear consent for us to process your personal data for a specific purpose.

Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

Vital interests: the processing is necessary to protect your or someone elses life.

Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law – carrying out our statutory duties.

Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (Note: This cannot apply if we are processing data to perform our statutory functions)

When we process your special category data (sensitive personal data) we identify both a lawful basis for general processing and an additional condition for processing this type of data. Special category data is:

  • personal data revealing racial or ethnic origin;
  • personal data revealing political opinions;
  • personal data revealing religious or philosophical beliefs;
  • personal data revealing trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life; and
  • data concerning a person’s sexual orientation.

We will apply at least one of these conditions whenever we process your special category personal data:

  • Your Explicit consent
  • Employment, social security and social protection (if authorised by law)
  • Vital interests
  • Not-for-profit bodies
  • Made public by you the data subject
  • Legal claims or judicial acts you or we are engaged in
  • Our reasons of substantial public interest (with a basis in law)
  • Health or social care (with a basis in law)
  • Public health (with a basis in law)
  • Archiving, research and statistics (with a basis in law)
How we protect your Personal Data

We are committed to keeping your personal data safe. We have physical, electronic and organisational procedures to protect and safely use the information that we hold about you. These include:

  • Carrying out Data Protection Impact Assessments (DPIA) to assess privacy risks when we introduce new software or processes to collect and use your personal data
  • Secure work areas
  • Information security training for our staff
  • Access controls on information systems
  • Encryption of personal data on site, in the Cloud and when in transit
  • Testing and checking security controls
  • Checking privacy when we change how we use or store personal information
  • Written contracts with any companies we use for storing information

Where we use more sensitive data, like health information, we protect this information with extra controls. We use anonymised data wherever we can, so individuals cannot be identified. Our commitments are published in our policies and procedures, the main documents that relate to compliance with this Privacy Notice are:

    • Personal Data Policy
    • Access to Personal Data Service Procedure
    • Information Communications Technology security policies
    • ICT user policies
Who we share your Personal Data with

Sometimes, we share personal information about you with others. These organisations include, but are not limited to:

  • Other blue light emergency services, for example the Police and Ambulance so we can respond to incidents
  • Other commercial, military or civil organisations in the event we use third parties to respond to incidents during periods of industrial action
  • Public utilities, for example to cut off a gas supply in an emergency
  • Commercial and charitable organisations who provide us with goods and Services
  • Local councils, if we have serious concerns about your wider safety that a local council can help with
  • Welfare organisations, if you agree to your information being shared unless in a ‘life or death’ situation or where you are at risk of significant harm
  • Central government, for example anonomised information about our activities used for national fire statistics
  • Courts and law enforcement, prosecuting authorities, solicitors
  • Insurance companies and loss adjusters where they are authorised to act on your behalf following an incident at your property
  • Our insurers and appointed legal executives in defence of legal claims made against us whether they be Public Liability, Employer Liability or related to our Information Governance
  • The Department for Work and Pensions, other local authorities, Her Majesty’s Revenue and Customs (HMRC), and the Police for criminal matters.
  • His Majesties Inspectorate of Constabularies and Fire and Rescue Services (HMICFRS) during our external audit process
  • National Fraud Initiative to prevent or detect financial fraud or crime.

LFRS will in certain circumstances disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to:

  1. Conform to the edicts of the law or comply with legal process served on LFRS
  2. Protect and defend the rights or property of LFRS
  3. Act under exigent circumstances (an emergency situation requiring swift action to prevent imminent danger to life or serious damage to property, or to forestall the imminent escape of a suspect, or destruction of evidence) to protect the personal safety of users of LFRS, or the public.

We may use commercial companies to store and manage your information on our behalf. Where we do this, there is always a contract in place with secure safeguards to ensure that the requirements of the GDPR on handling personal data are met.

How long we keep your Personal Data for (Retention and Disposal)

We only keep your information for as long as we need it. This is to meet our legal responsibilities, or in line with recommended best practice and sometimes for our organisational needs in managing a Public Authority Fire and Rescue Service.

We are always reviewing and adding records to our Register Of Processing Activity (ROPA), so for up to date information please contact our Data Protection Officer who will be able to share our relevant personal data retention schedules with you.

Your individual rights under Data Protection Laws

In general, you have the right to request that LFRS:

  • Provides you with details of your personal data held, gives access to you and where appropriate provides you with a copy of your personal information
  • Corrects any errors in your personal data we find during our business processes, or are informed of and restrict processing of your personal data until completed
  • Considers your objection to the processing of your personal data and depending upon the service and legal basis, stops all or some of that processing. “Processing” means the collecting, storing, amending, disclosing, sharing, archiving and destruction of your data
  • Erases your personal information, depending on the service and legal basis deletes all or some of your personal data
  • Withdraw your consent for us to further process your personal data, if consent is used by us as the legal basis for the service
  • Informs you any of automated decision making, including profiling for the service (Note: Please be advised we do not currently use automated decision making)

Where possible we will try to meet your request, but we may need to retain or process information to comply with a legal duty or our policies and procedures.

Request access to the Personal Data we hold about you - Subject Access Request (SAR)

If you want to request a copy of, or a description of, the personal data we hold that relates to you, please ask complete your request in writing using the form below if you are able. You may also request your personal data by telephone, letter, fax, email or social media. We will need to be able to identify you in order to consider your request and may ask you to provide evidence of identity to use.

You can use our Subject Access Request (SAR) form in Word format below which you can download, fill in and send to us. Please be as specific as possible about the information you want this will enable us to more quickly action your request.

Download a SAR Request Form:  Click HERE

We will reply with your information within one month of receipt, or from the day on which we have the necessary information to confirm your identity. There are some lawful restrictions on information we send you, for example, other people’s personal information that you are not entitled to (we call this third party information).

Please send your completed request form to:
By Post: Subject Access Request, Service Information Team, Leicestershire Fire and Rescue Service Headquarters, 12, Geoff Monk Way, Birstall, Leicester, LE4 3BU.

Email: dpo@leics-fire.gov.uk

Or via our Social Media channels on our Website Homepage:  Click HERE

Website Cookies for Online Users

The Leicestershire Fire and Rescue Service website does not automatically capture or store personal information, other than logging the user’s IP address and session information, such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics which Leicestershire Fire and Rescue Service uses to evaluate use of the site. Cookies are used for accessibility only; we do not use cookies for collecting user information. You may use your internet browser setting to disable new cookies being created and to delete those already captured. Please be aware that disabling cookies may affect your browser experience when using LFRS website. This privacy statement covers Leicestershire Fire and Rescue Service at www.leicestershire-fire.gov.uk only. Links within this site to other websites are not covered by this policy.

Blocking Cookies

You are able to block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Information on how to block cookies can usually be found within the “Help” feature of your browser. Information can also be found on the main browser websites. www.apple.com/safari (Apple Safari) www.google.com/chrome (Google Chrome) www.microsoft.com (Internet Explorer) www.mozilla–europe.org/en/firefox (Mozilla Firefox) www.opera.com (Opera)

Concerned about the way we are processing your Personal Data? How to let us know

If you have any concerns or questions about how we process your personal information and maintain your privacy, we encourage you to first make contact with us and speak to our Data Protection Officer (DPO), most concerns can very quickly be resolved.

Our DPO can be contacted by calling 0116 210 5555, Emailing: dpo@leics-fire.gov.uk, via our Social Media Channels (see Home Page of this Website: HERE), or in writing by post:

Data Protection Officer
Information Governance Department
Leicestershire Fire and Rescue Service Headquarters
12 Geoff Monk Way
Birstall
Leicester
LE4 3BU

If you are not happy with how we deal with your concern, you can contact the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website www.ico.org.uk, their helpline on 0303 123 1113, or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Review and updates to this Fair Processing and Privacy Notice

We will continually review and update this Privacy Notice and those Notices relating to specific areas of our functions to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice.

 

The owner of this area in the Website is: Information Governance Manager (Data Protection Officer), all enquires to email: dpo@leics-fire.gov.uk please.

Accessibility