Corporate Privacy Notice

Corporate Privacy Notice

Corporate Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact Details

Data Controller

Northern Ireland Fire & Rescue Service

Post

Northern Ireland Fire & Rescue Service, 1 Seymour Street, Lisburn, BT27 4SX

Telephone

028 9266 4221

Email

Information Unit [email protected]

Data Protection Officer [email protected]

We are committed to protecting your personal data when you use our services. This Privacy Notice has been drawn up in line with the Information Commissioner’s Office (ICO) ‘The right to be informed’, to help us comply with UK GDPR and Data Protection legislation. It aims to make those who use our services aware of how we process and use personal data and protect your privacy.

Ensuring transparency and accessibility of information regarding our use of personal data is a fundamental aspect of the Data Protection Act (DPA) and the UK General Data Protection Regulation (UK GDPR). NIFRS are committed to fostering trust and confidence in our capacity to process personal information while safeguarding your privacy.

UK General Data Protection Regulation (UK GDPR) builds upon existing data protection laws and provides enhanced protection for personal data by imposing stricter obligations on those who process personal data.

What information we collect, use, and why

We collect your personal information using computer systems, paper records, telephone calls and emails. This can include information you provide in person, on an official form (online or paper) and also information that is recorded on CCTV cameras operating within NIFRS sites and on specialist firefighting vehicles to monitor and collect visual images for the purposes of security, training and the prevention and detection of crime.

To deliver our services effectively, we may need to collect and process personal data about you. Personal data refers to any information with which a living individual can be identified. Individual identification can be by the information alone or in conjunction with other information in the possession of NIFRS.

Types of personal dataDetails
Individual detailsName, address, other contact details (e.g. email and telephone numbers), gender, pronoun preferences, image, marital status, date and place of birth, nationality, National Insurance number, Next of Kin details including any support networks, emergency contact details, photographs, criminal convictions, employer job title, employment history, family details including their relationship to you, records of meetings and decisions and call recordings.
Special categories of personal dataCertain categories of personal data we collect have additional protection under the UK GDPR. The categories are racial or ethnic origin, Political opinions, Religious or philosophical beliefs, Trade union membership, Health information, biometric, data concerning sexual orientation or Sex life information.  

We process personal information so that we can undertake prevention, protection and emergency services in the communities that we serve. Personal data can be collected for firefighting and emergency services purposes including managing responses to fire and other emergency incidents; and maintaining our own records and accounts including the management of fire service assets. Other reasons why we collect personal data include:

  • Carrying out Home Fire Safety visits;
  • For employment and staff training purposes;
  • Checking the quality and effectiveness of our services;
  • Investigating any concerns or complaints about our services;
  • With your consent sharing your appreciation, comments and feedback to our firefighters and potentially on our website and social media.
  • Research and planning of new services;
  • Emergency contact information; and
  • Agreements you may have with the Fire and Rescue Service.

Lawful bases for the collection and use of your data

We have the right to process your personal data where there is a lawful basis to do so. In the majority of cases, our lawful basis will be at least one of the following:

  • Legal Obligation – Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire & Rescue Services (Northern Ireland) Order 2006 and Fire Safety Regulations (Northern Ireland) 2010
  • Public Task – Processing is necessary for us to perform a task in the public interest to help us in carrying out our public duty of improving, protecting and saving lives.  All of your data protection rights may apply, except the right to erasure and the right to portability.
  • Vital Interests – Processing is necessary to protect someone’s life when someone’s physical or mental health or wellbeing is at urgent or serious risk. All of your data protection rights may apply, except the right to object and the right to portability.
  • Contract – For recruitment, employment, social security purposes or collective agreement so we can enter into or carry out a contract with you.  There may be other occasions where we are required to process your personal data, however, we will only do so where a lawful basis exists.  All of your data protection rights may apply except the right to object.
  • Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

How we keep your information secure

We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we hold about you. These include:

  • Secure work areas;
  • Information security awareness for our staff;
  • Access controls on all systems;
  • Encryption of personal data;
  • Testing, assessing and evaluating the effectiveness of technical security controls; and
  • Ensuring contracts and data sharing agreements with relevant third parties are compliant with GDPR.

What are you rights?

Subject to an exemption under the UK GDPR, you have the following rights in respect to your personal data:

  • The right to request a copy of your personal data which we hold about you;
  • The right to request that we correct any personal information if it is found to be inaccurate or out of date;
  • The right to erasure of your personal data where it is no longer necessary for us to retain such data;
  • The right to withdraw consent to the processing of your data at any time;
  • The right to request that we transmit your data to another organisation, where applicable;
  • Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction to be placed on further processing;
  • The right to object to the processing of personal data where applicable. However, as we will mainly be processing data based on the performance of a statutory duty in the public interest, there are limits to this right; and
  • The right to lodge a complaint with the Information Commissioner’s Office.

Where we get your personal information from

  • Directly from you;
  • Your family members, carers, employer or representatives;
  • Other Public Bodies such as the Police, Ambulance Service, Local Councils and the NHS; and
  • Social services, Schools, colleges, universities or other education organisations, Charities or voluntary sector organisations
  • Other Organisations such as companies who have given permission to share your information for security or key holding purpose.
  • CCTV footage or other recordings
  • Previous employers

How long we keep information

NIFRS records are retained for as long as necessary to process, in accordance with DoH Retention and Disposal Schedule: Good Management, Good Records (GMGR). GMGR retention schedule.

Keeping your information up-to-date

It is important that the information we hold about you is up-to-date. If your personal details change, or are currently inaccurate, it is important that you let us know.

Who we share information with

We may engage the services of commercial companies to store, manage and process your information on our behalf. Where we have these arrangements, there is always a Contract, a Memorandum of Understanding, a Service Level Agreement and/or an Information Sharing Agreement in place to ensure the requirements of the UK GDPR on handling personal data are met.

We may share information with another country in respect of operational and/or other matters. In such circumstances we will ensure that the requirements of Chapter V of UK GDPR are met.

Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the Police, the NHS or Social Services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are:

  • For the investigation, detection and prevention of crime or if we are required to do so by law;
  • Helping the police and relevant authorities to identify trends and issues relating to fires;
  • If there are serious risks to the public, our staff or other professionals; or
  • To protect children or vulnerable adults.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

The Information Commissioner’s Office – Northern Ireland
10th Floor
Causeway Tower
9 James Street South
Belfast
BT2 8DN

Helpline number: 0303 123 1114

Website: https://www.ico.org.uk/make-a-complaint

Last updated

10 October 2025

© NIFRS. 2026

All Rights Reserved