Corporate Privacy Notice
UK General Data Protection Regulation (UK GDPR) builds upon existing data protection laws and provides enhanced protection for personal data by imposing stricter obligations on those who process personal data.
For the purposes of Data Protection legislation, NIFRS is a ‘Data Controller’ (the holder, user and processor) of personal data.
We are committed to protecting your personal data when you use our services.
This Privacy Notice has been drawn up in line with the Information Commissioner’s Office (ICO) ‘Privacy Notices Code of Practice’, to help us comply with UK GDPR and Data Protection legislation. It aims to make those who use our services aware of how we process and use personal data and protect your privacy.
What types of information do we hold about you?
To deliver our services effectively, we may need to collect and process personal data about you. Personal data refers to any information with which a living individual can be identified. Individual identification can be by the information alone or in conjunction with other information in the possession of NIFRS.
| Types of personal data | Details |
|---|---|
| Individual details | Name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer job title and employment history, family details including their relationship to you. |
| Special categories of personal data | Certain categories of personal data have additional protection under the UK GDPR. The categories are health, criminal convictions, racial or ethnic origin, trade union membership, genetic data, biometric or data concerning sexual orientation. |
How do we collect your personal information?
We collect your personal information using computer systems, paper records, telephone calls and emails. This can include information you provide in person, on an official form (online or paper) and also information that is recorded on CCTV cameras operating within NIFRS sites and on specialist firefighting vehicles.
Why we collect your personal information
We process personal information so that we can undertake prevention, protection and emergency services in the communities that we serve. Personal data can be collected for firefighting and emergency services purposes including managing responses to fire and other emergency incidents; and maintaining our own records and accounts including the management of fire service assets. We also process personal information using a CCTV system to monitor and collect visual images for the purposes of security, training and the prevention and detection of crime. Other reasons why we collect personal data include-
- Carrying out Home Fire Safety visits;
- For employment and staff training purposes;
- Checking the quality and effectiveness of our services;
- Investigating any concerns or complaints about our services;
- Research and planning of new services;
- Emergency contact information; and
- Agreements you may have with the Fire and Rescue Service.
Where might we collect your personal data from-
- You;
- Your family members, employer or representatives;
- Other Public Bodies such as the Police, Ambulance Service, Local Councils and the NHS; and
- Other Organisations such as companies who have given permission to share your information for security or key holding purpose.
Legal basis for processing your personal data
We have the right to process your personal data where there is a lawful basis to do so. In the majority of cases, our lawful basis will be at least one of the following –
- Legal Obligation- Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire & Rescue Services (Northern Ireland) Order 2006.
- Public Task- Processing is necessary for us to perform a task in the public interest to help us in carrying out our public duty of improving, protecting and saving lives.
- Vital Interests- Processing is necessary to protect someone’s life.
- Contract- For recruitment, employment, social security purposes or collective agreement.
There may be other occasions where we are required to process your personal data, however, we will only do so where a lawful basis exists.
Sharing Your Information
We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a Contract, a Memorandum of Understanding, a Service Level Agreement and/or an Information Sharing Agreement in place to ensure the requirements of the UK GDPR on handling personal data are met.
We may share information with another country in respect of operational and/or other matters. In such circumstances we will ensure that the requirements of Chapter V of UK GDPR are met.
Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the Police, the NHS or Social Services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are-
- For the investigation, detection and prevention of crime or if we are required to do so by law;
- Helping the police and relevant authorities to identify trends and issues relating to fires;
- If there are serious risks to the public, our staff or other professionals; or
- To protect children or vulnerable adults.
How we keep your information secure
We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold about you. These include-
- Secure work areas;
- Information security awareness for our staff;
- Access controls on all systems;
- Encryption of personal data;
- Testing, assessing and evaluating the effectiveness of technical security controls; and
- Ensuring contracts and data sharing agreements with relevant third parties are compliant with GDPR.
Your rights and your personal data
Subject to an exemption under the UK GDPR, you have the following rights in respect to your personal data:
- The right to request a copy of your personal data which we hold about you;
- The right to request that we correct any personal information if it is found to be inaccurate or out of date;
- The right to erasure of your personal data where it is no longer necessary for us to retain such data;
- The right to withdraw consent to the processing of your data at any time;
- The right to request that we transmit your data to another organisation, where applicable;
- Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction to be placed on further processing;
- The right to object to the processing of personal data where applicable. However, as we will mainly be processing data based on the performance of a statutory duty in the public interest, there are limits to this right; and
- The right to lodge a complaint with the Information Commissioner’s Office.
Retention and disposal of personal information
Personal records are retained for as long as necessary to process and in line with DoH ‘Good Management, Good Records’ Retention and Disposal Schedule.
Keeping your information up-to-date
It is important that the information we hold about you is up-to-date. If your personal details change, or are currently inaccurate, it is important that you let us know.
Contacts
To exercise all relevant rights, queries or complaints, please in the first instance contact NIFRS Governance Information Business Support Services Manager-
Address– NIFRS Governance Information Business Support Services Manager, NIFRS Headquarters, 1 Seymour Street, Lisburn, BT27 4SX
Tel -028 9266 4221
E-mail – [email protected]
Who can I complain to?
You can also contact the Information Commissioner’s Office at:
Address– The Information Commissioner’s Office – Northern Ireland, 3rd Floor, 14 Cromac Place, Belfast, BT7 2JB
Tel– 028 9027 8757