Your Privacy – Data Protection
Hereford & Worcester Fire and Rescue Service (the Service) is committed to protecting your privacy.
Here we will explain how we use your information and what we do to protect it.
The Service has a Data Protection Officer who ensures we are legally compliant and look after your privacy rights. If you have any questions or concerns, please contact the Data Protection Officer, by email: IR@hwfire.org.uk, by phone on 0345 122 4454 (local rate) or by writing to:
The Data Protection Officer
Hereford & Worcester Fire and Rescue Service HQ
2 Kings Court
Charles Hastings Way
What is personal information?
Personal data is any information relating to an identifiable, living individual. For example, this could be your name, contact details, NHS number or date of birth.
What is 'special' personal information?
Some personal information is far more sensitive and therefore needs greater protection. "Special" information is data that people often don't want to be made widely public and is very personal to you. For example:
- your race
- your ethnic origin
- your political views
- your religious beliefs
- whether you are a member of a trade union
- biometric data used for ID purposes
- health records
- sex life
- sexual orientation
Why do we need your personal information?
We may need some information about you so that we can:
- deliver services and support to you
- manage those services we provide to you
- train and manage the employment of our workers who deliver those services
- help review any complaints you may have check the quality of services
- develop new support services
We will only collect and use your personal information if we are legally required to or if we need it to provide you with a service, for example to do a Home Fire Safety Check.
If possible we will make your data anonymous; for example if we conduct a survey, we may not need your personal details, just your survey response.
If we collect your personal information, we will let you know exactly why and what we will do with it in a Privacy Notice. The Service will only use your information for the reason that it was first collected and will not sell or license your information. Your data will only be shared with other people if we have received your consent or if we are permitted to / have to by law; for example to detect or prevent a crime.
Data Protection Law
The Service is the Data Controller for any personal data collected and used and is registered with the Information Commissioners Office (ICO) – Ref: Z6828188
If the Service is collecting and using your personal data, then we must have a legal reason to do so before we start. We will explain our reasons fully in the Privacy Notice we give you but some examples are:
- If you have given your consent or your legal representative has
- If it's necessary so we can perform our Statutory duty
- If we have to for legal reasons
- If you work or volunteer for the Service
- To protect you in an emergency situation
- To protect the health and safety of the public
If we have your consent to use your personal information, you can change your mind and remove that consent at any time and for any reason. If you would like to remove your consent, please contact the Data Protection Officer.
Accessing your Information
You have the right to ask for all the information we hold about you.
You should send us your request in writing, to the address at the top of this page, telling us exactly what information you want and include some proof of ID.
We can't give you access to your information if:
- It contains personal information about other people
- A professional believes it will cause you or someone else serious physical or mental harm
- If the information may interfere with preventing or detecting a crime
If you prefer, you can ask us to let someone acting on your behalf see your personal information but only if you have given us written permission beforehand.
Generally there is no charge whether you want to view or have a copy of your information and the Service has 28 days to deal with your application. However, if your request is extremely big (excessive) or clearly groundless, the Service can either charge you a reasonable administrative fee or actually refuse to reply.
If you think that something on your file is incorrect or if you disagree with the record, you should contact the Data Protection Officer.
We may not always be able to change or remove that information but any factual inaccuracies will be corrected and we'll add your comments to the record to show what has been done.
Under the General Data Protection Regulation, you can ask for your personal information to be deleted; also known as the right to be forgotten.
For example this could be if:
- your personal information is no longer needed for the reason it was collected
- you have withdrawn your consent for us to use your information
- there is no legal reason for your information to be kept
If we have shared your personal information, we will contact them and ask them to stop using your data and delete it from their records.
Please note that it's not always possible for us to delete your information, even though you have asked us to. For example, where:
- we must record it by law
- it is needed for public health reasons
- it is used for scientific / historical research or statistical purposes, where it would make the information unusable if we deleted your record
- it is necessary for legal claims
Alternatively, you can ask the Service to stop using your personal information, which means we can keep a copy of the data but not use it for any reason. For example, when:
- you have found an error in your information and have notified us
- you have asked us to stop using your personal data and we are considering whether we have a legal reason to carry on using it
The Service will always try to comply with your request but there may be occasions when we must to continue to use your information because we have to by law.
You can ask for your personal information to be returned to you or transferred to another service provider in a commonly used format if it's an electronic record; this is known as data portability.
This only applies however if:
- we're using your personal information after you've given us your consent and not if we're required to by law
- the decisions were made by a computer and not a human being.
You can ask to have any computer made decisions explained to you and details of how we may have 'risk profiled' you.
You have the right to question decisions made about you by a computer, unless it's required for any contract you have entered into, required by law or you have given your consent.
You also have the right to object if you are being 'profiled'. Profiling is where decisions are made about you based on certain information in your personal data. For example, health details may prompt us to offer you a Home Fire Safety Check.
The Service may share your personal information with a third party who is working with us or on our behalf and has met the Service's data protection standards.
We will only share your personal data where we have received your consent or if there is a legal requirement to do so. For example:
- stop crime and fraud
- to protect you from harm
- if there are serious risks to the public, our staff or to other professionals
- to protect a child or vulnerable adult
If we collect your personal information, we will let you know who we are sharing your data with and why in a Privacy Notice.
The Service will take all reasonable steps to make sure the information we hold about you is kept secure and only available to those who have a legal right to see it.
- Storing in locked cabinets or on secure computer networks, with access restricted to those who need to know only
- Encrypted if being transferred or saved on a mobile device i.e. tablet or smart phone
- Training all members of staff on how to handle personal data and how to report it if something goes wrong
- Regularly testing our physical and technical safety measures, including keeping up to date with IT security updates (patches)
- Only using IT storage systems that are located in the UK and who meet strict data protection controls.
The Service stores all personal information on systems in the UK and does not send any personal information to countries that are not considered as "safe" by UK or EU Governments.
All contractors the Service uses are required to follow the same data protection standards as we do.
How long we keep (retain) your information for depends upon what it is and why it was needed in the first place.
You will be told how long your data will be retained for in your Privacy Notice when we collect your information.
If information is no longer needed, then paper files will be either securely disposed of by using a cross-cutting (confetti) shredder or through confidential waste collection and all electronic records will be deleted.
Help and Advice
If you have any questions or what to make a complaint about your personal information, then please contact our Data Protection Officer by emailing IR@hwfire.org.uk or by calling 0345 1224454 (local rate number).
If you would like further advice or don't feel we have answered your complaint satisfactorily, then please contact the Information Commissioner's Office (ICO) at:
Information Commissioner's Office
Wycliffe House Water Lane
The ICO is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.