CORPORATE PRIVACY NOTICE
From 25 May 2018 the law around processing your personal data is set out in the General Data Protection Regulation (GDPR). GDPR builds upon existing data protection laws and provides enhanced protection for personal data by imposing stricter obligations on those who process personal data.
For the purposes of Data Protection legislation, the Northern Ireland Fire and Rescue Service (NIFRS) is a ‘Data Controller’ (the holder, user and processor) of personal data.
NIFRS is committed to protecting your personal data when you use our services.
This Privacy Notice has been drawn up in line with the Information Commissioner’s Office (ICO) ‘Privacy Notices Code of Practice’, to assist NIFRS to comply with GDPR and Data Protection legislation. It aims to make those who use our services aware of how NIFRS processes and uses personal data and protects your privacy.
- What types of information do we hold about you?
To deliver our services effectively, we may need to collect and process personal data about you. Personal data refers to any information with which a living individual can be identified. Individual identification can be by the information alone or in conjunction with other information in the possession of NIFRS.
|Types of Personal Data||Details|
|Individual details||Name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer job title and employment history, family details including their relationship to you.|
|Special categories of personal data||Certain categories of personal data have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, trade union membership, genetic data, biometric or data concerning sexual orientation.|
- How do we collect your personal information?
We collect your personal information using computer systems, paper records, telephone calls and emails. This can include information you provide in person, on an official form (online or paper) and also information that is recorded on CCTV cameras operating within NIFRS sites and on specialist firefighting vehicles.
- Why we collect your personal information
We process personal information to enable us to undertake prevention, protection and emergency services in the communities that we serve. Personal data can be collected for firefighting and emergency services purposes including managing responses to fire and other emergency incidents; and maintaining our own records and accounts including the management of fire service assets. We also process personal information using a CCTV system to monitor and collect visual images for the purposes of security, training and the prevention and detection of crime. Other reasons why we collect personal data include –
- Carrying out Home Safety visits;
- For employment and staff training purposes;
- Checking the quality and effectiveness of our services;
- Investigating any concerns or complaints about our services;
- Research and planning of new services;
- Emergency contact information; and
- Agreements you may have with the Fire and Rescue Service.
- Where might we collect your personal data from
- Your family members, employer or representatives;
- Other Public Bodies such as the Police, Ambulance Service, Local Councils and the NHS; and
- Other Organisations such as companies who have given permission to share your information for security or key holding purpose.
- Legal basis for processing your personal data
We have the right to process your personal data where there is a lawful basis to do so. In the majority of cases, our lawful basis will be at least one of the following –
- Legal Obligation: Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire & Rescue Services (Northern Ireland) Order 2006.
- Public Task: Processing is necessary for us to perform a task in the public interest to help us in carrying out our public duty of improving, protecting and saving lives.
- Vital Interests: Processing is necessary to protect someone’s life.
- Contract: For recruitment, employment, social security purposes or collective agreement.
There may be other occasions where we are required to process your personal data, however, we will only do so where a lawful basis exists.
- Sharing Your Information
We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a Contract, a Memorandum of Understanding, a Service Level Agreement and/or an Information Sharing Agreement in place to ensure the requirements of the GDPR on handling personal data are met.
NIFRS may share information with another country in respect of operational and/or other matters. In such circumstances NIFRS will ensure that the requirements of Chapter V of GDPR are met
Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the Police, the NHS or Social Services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are:
- For the investigation, detection and prevention of crime or if we are required to do so by law;
- Helping the police and relevant authorities to identify trends and issues relating to fires;
- If there are serious risks to the public, our staff or other professionals; or
- To protect children or vulnerable adults.
- How we keep your information secure
NIFRS is committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold about you. These include:
- Secure work areas;
- Information security awareness for our staff;
- Access controls on all systems;
- Encryption of personal data;
- Testing, assessing and evaluating the effectiveness of technical security controls; and
- Ensuring contracts and data sharing agreements with relevant third parties are compliant with GDPR.
- Your rights and your personal data
Subject to an exemption under the GDPR, you have the following rights in respect to your personal data:
- The right to request a copy of your personal data which NIFRS holds about you;
- The right to request that NIFRS corrects any personal information if it is found to be inaccurate or out of date;
- The right to erasure of your personal data where it is no longer necessary for the Service to retain such data;
- The right to withdraw consent to the processing of your data at any time;
- The right to request that the Service transmits your data to another organisation, where applicable;
- Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction to be placed on further processing;
- The right to object to the processing of personal data where applicable. However, as the Service will mainly be processing data based on the performance of a statutory duty in the public interest, there are limits to this right; and
- The right to lodge a complaint with the Information Commissioner’s Office.
- Retention and disposal of personal information
Personal records are retained for as long as necessary to process and in line with DoH ‘Good Management, Good Records’ Retention and Disposal Schedule
- Keeping your information up-to-date
It is important that the information we hold about you is up-to-date. If your personal details change, or are currently inaccurate, it is important that you let us know.
To exercise all relevant rights, queries or complaints, please in the first instance contact NIFRS Information & Security Manager below:
NIFRS Information & Security Manager
1 Seymour Street
Tel No 028 9266 4221
Email address firstname.lastname@example.org
- Who can I complain to?
You can also contact the Information Commissioner’s Office at:
The Information Commissioner’s Office – Northern Ireland
14 Cromac Place,
Telephone: 028 9027 8757