Data Protection

Hereford & Worcester Fire and Rescue Service (the Service) is committed to protecting your privacy.

You can find out more about how we use your information and what we do to protect it by visiting the Privacy Policy page on our website.

DATA PROTECTION

The Service has a Data Protection Officer who ensures we are legally compliant and look after your privacy rights. If you have any questions or concerns about data protection, please contact the Information Governance Department:

By email:
informationrequests@hwfire.org.uk

By phone:
0345 122 4454 (local rate)

By writing to:
Information Governance
Hereford & Worcester Fire and Rescue Service HQ
Hindlip Park
Worcester
WR3 8SP

What is personal information?

  • Personal data is any information relating to an identifiable, living individual. For example, this could be your name, contact details, date of birth or a photograph.

What is ‘special category’ information?

Some personal information is far more sensitive and therefore needs greater protection. ‘Special Category’ information is data that people often don’t want to be made widely public and is very personal to you. For example:

  • your race
  • your ethnic origin
  • your political views
  • your religious beliefs
  • whether you are a member of a trade union
  • genetics
  • biometric data used for ID purposes
  • health records
  • sexual orientation

Why do we need your personal information?

We may need some information about you so that we can:

  • deliver services and support to you
  • manage those services we provide to you
  • train and manage the employment of our workers who deliver those services
  • help review any complaints you may have
  • develop new support services

We will only collect and use your personal information if we are legally required to or if we need it to provide you with a service, for example to do a Home Fire Safety Check.

If possible we will make your data anonymous; for example if we conduct a survey, we may not need your personal details, just your survey response.

If we collect your personal information, we will let you know exactly why and what we will do with it in a Privacy Notice specific to that area of work. The Service will only use your information for the reason that it was first collected and your data will only be shared with other people if we have received your consent or if we are permitted to / have to by law; for example to detect or prevent a crime.

Data Protection Law

The use of personal information is mainly governed by the General Data Protection Regulation 2018 and the Data Protection Act 2018.

The Service is the Data Controller for any personal data collected and used and is registered with the Information Commissioners Office (ICO) – Ref: Z6828188

If the Service is collecting and using your personal data, then we must have a legal reason to do so before we start. We will explain our reasons fully in the Privacy Notice we give you but some examples are:

  • If you have given your consent or your legal representative has
  • If it’s necessary so we can perform our statutory duty
  • If we have to for legal reasons
  • If you work or volunteer for the Service
  • To protect you in an emergency situation
  • To protect the health and safety of the public

Information Sharing

The Service may share your personal information with a third party who is working with us or on our behalf but we will only do this where we have received your consent or if there is a legal requirement to do so.

For example:

  • to stop crime and fraud
  • to protect you from harm
  • if there are serious risks to the public, our staff or to other professionals
  • to protect a child or vulnerable adult

If we collect your personal information, we will let you know who we are sharing your data with and why in a Privacy Notice.

Information Security

The Service will take all reasonable steps to make sure the information we hold about you is kept secure and only available to those who have a legal right to see it.

For example:

  • Storing in locked cabinets or on secure computer networks, with restricted access to only those who need to know
  • Encrypted if being transferred or saved on a mobile device i.e. tablet or smart phone
  • Training all members of staff on how to handle personal data and how to report it if something goes wrong
  • Regularly testing our physical and technical safety measures, including keeping up to date with IT security updates.
  • Only using IT storage systems that are located in the UK and who meet strict data protection controls.

The Service stores all personal information on systems in the UK and does not send any personal information to countries that are not considered as “safe” by UK or EU Governments.

All contractors the Service uses are required to follow the same data protection standards as we do.

Keeping Information

How long we keep (retain) your information for depends upon what it is and why it was needed in the first place.

You will be told how long your data will be retained for in the Privacy Notice when we collect your information.

If information is no longer needed, then paper files will be either securely disposed of by using a cross-cutting (confetti) shredder or through confidential waste collection and all electronic records will be deleted.

Your Data Your Rights

Under data protection legislation, you have statutory rights relating to your own personal data:

  • Access – you have the right to know what data we hold relating to you and why, and to receive a copy of it;
  • Rectification – you have the right to have inaccurate information about you corrected;
  • Objection – you have the right to object to the Service using your information, and we would have to stop unless we have a sound overriding reason to continue;
  • Erasure, restriction and portability – in specific circumstances, you have the right to have your personal data deleted, to put limits on what the Service may do with it or to receive a copy in machine-readable form to take to another organisation;

For more information on your rights under the data protection laws you can have a look at the Information Commissioner’s Office (ICO) website page by following this link https://ico.org.uk/your-data-matters/ The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Should you wish to exercise any of your rights please contact the Information Governance department:

By email:
informationrequests@hwfire.org.uk

By phone:
0345 122 4454 (local rate)

By writing to:
Information Governance
Hereford & Worcester Fire and Rescue Service HQ
Hindlip Park
Worcester
WR3 8SP

To progress your request the Service will require confirmation of your identity. You will need to provide

Personal Identity:  Photographic proof of ID (passport or drivers licence)

Address Verification: Confirmation of your address (utility bill, council tax bill)

In both cases a scanned copy or an emailed photograph will be accepted with your request but you must ensure that both documents are signed and include the following certification wording:

“I certify that this is a true copy of the original document”

In most cases the Service will not charge a fee. However, where the request is manifestly unfounded, excessive or duplicated we may charge a “reasonable fee” for the administrative costs of complying with the request. If the Service do intend to charge a fee, we will notify you.

Article 12(3) of the General Data Protection Regulation stipulates that information must be provided to you within one calendar month of your request unless the complexity i.e. the volume of data to be reviewed is large and then this may be extended by a further two calendar months. The Service will notify you if the response timeframe is likely to exceed one calendar month.

Help and Advice

If you would like further advice about Data Protection contact the Information Commissioner’s Office at:

By Post:
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF

By Tel:
0303 123 1113 (local rate)

Email:
casework@ico.org.uk

Live Chat:
https://ico.org.uk/global/cont…

Website:
www.ico.org.uk

Should you have any concerns regarding the management of your request and wish to make a complaint, in the first instance please do so using Hereford & Worcester Fire and Rescue Service’s complaints system: Comments and Complaints. If you are not satisfied with the outcome of the internal review, you may appeal the decision by contacting the Information Commissioner’s Office (details above).