Privacy notices

Why we collect and use this information

Our prevention work is the first step in reducing the risk of having a fire in your home and we do this by offering members of the community a free home safety visit.

Type of data

The categories of personal and special data collected include:

• the occupant’s contact details (name, address, telephone number, email address and confirmation of whether individuals are over the age of 65 or under the age of 18)
• the date of birth if we need to make a sensory referral and GP surgery for other onward signposting via the Joy App
• information relating to any vulnerability identified during the visit (including relevant health information, such as visual impairment or hearing loss, and relevant lifestyle information).

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

• UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. We collect personal information to exercise our statutory function under the Fire Services Act 2004 to promote fire safety (Core Function 6 Fire Safety) and the duty to promote the well-being of individuals under the Care Act 2014.
• UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Information sharing

If we fit a hard-of-hearing smoke alarm in your property; we will ask your consent to share your name, address, and date of birth with the sensory loss teams within Devon, Torbay, and Somerset County Councils.

We may discuss options with you for onward signposting to other agencies for further additional support. If we make a referral on your behalf, we will make you aware of the organisation we are referring you to, and their organisational privacy notices will apply. Some referrals are made through the Joy App (Pungo Ltd), which is an online signposting service commissioned by NHS Devon. To make a referral through this service we will ask your consent to share your name, address, date of birth, GP surgery and other health related information including special category data so that the third-party organisation can offer you support.

We work with statutory and non-statutory community partners to ensure members of the community are safe in their homes. Sometimes it is necessary for us to make referrals to our partner organisations to support our prevention work and we are legally obliged to do this under the Fire Services Act 2004 and the Care Act 2014. We do this by completing a safeguarding referral to our internal team.

Following a home safety visit, if we identify that you may benefit from a referral to another agency we will discuss this with you and may refer you on your behalf. In order for us to refer on your behalf, you will need to give consent.

If you have consented to provide feedback on your home safety visit, your personal data will be shared with our Communications team.

Our non-statutory partners make referral requests to us to carry out a home safety visit. We have partnership agreements in place with each of our recognised partners which set out the governance and lawful basis for sharing name and contact details. Our partners will ask for your consent to make a referral when they think you will benefit from a home safety visit from us. Consent for a home safety visit referral must be obtained prior to a partner making a referral into our Prevention team unless there is a significant risk to the individual in relation to a fire, where professional judgment can be applied.

If you have been referred to us for a visit, confirmation that the visit has taken place may be sent to the agency that referred you to us. This is via email and only includes a postal address. 

The categories of partner organisations we work with include:

• charities and voluntary services
• care agencies
• commissioned organisations
• emergency services
• housing providers
• local authorities
• utility companies
• NHS
• private companies
• private healthcare providers
• Home Office and government organisations.

How long it’s kept

We normally keep home safety visit information for six years. (However, where we have identified a high safety risk for an individual we will retain the relevant information for as long as it remains current, for example where we have fitted equipment with a 10-year lifespan; even if that is longer than six years).

If you have consented to be contacted for feedback on your home safety visits Devon and Somerset Fire and Rescue’s Communications and Engagement team will retain your personal data for as long as you are happy to keep receiving communications.

You can stop communications at any time by clicking unsubscribe from all emails located at the bottom of every email.

Your rights

See your data, your rights section below.

Why we collect and use this information

We respond to emergency calls from members of the public and we need to collect and process personal information about those individuals and others involved in the emergency in order to carry out our services

Type of data

The categories of personal data collected in relation to a call to our control room include:

• the audio recording of 999 calls
• victim and caller information (including name, address, gender, telephone number)
• details of injuries sustained.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller.  We collect this information to enable us to carry out our statutory obligations under the Fire Services Act 2004 but once the incident is closed, we keep incident data for other purposes including:
• Mandatory reporting of national statistics to the Home Office. This will include personal information but members of our community cannot be identified from published statistics.

Find out more about the data collection requirements placed on us by the Home Office (for example; regarding incidents and prevention work). 

See a copy of the Home Office Incident Recording System (IRS) Privacy Notice. 

• Sharing incident information with other fire and rescue services for the purposes of coordinating our emergency response and statistical and planning purposes.
• Provide evidence for court hearings such as audio recordings of 999 calls depending on the nature of the incident.
• Analysing our incident data to identify trends and predict areas within our communities that are more likely to experience fire-related emergencies. This does not involve automated decision making and data is depersonalised to carry out this task.
• UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Information sharing

We share information with the police and ambulance services to help identify and reduce the number of hoax callers.

• Incident information is held securely on a system hosted by Capita and shared between our fire and rescue service (FRS) partners; Hampshire FRS and Dorset & Wiltshire FRS with whom we work together to ensure a robust emergency mobilising system is in place. For this purpose, we identify ourselves as Joint Data Controllers as we use the same information for the same purposes.
• In the interest of the public, we also publish details of incidents in our latest incidents news feed on our website and liaise with the local press on incidents of interest. We do not share personal information of the victims involved however persons can be identified due to the location and scale of the incident.
• If we attend a fire-related incident that is caused by faulty white goods, we will ask your consent to share your details with the manufacturer.

How long it’s kept

We keep incident mobilising data for a period of 10 years as we use it to analyse how best to serve our community. A 10-year incident cycle allows us to identify trends and allocate our resources in the most appropriate way. We record emergency calls and keep the audio for a period of two years but we may keep specific calls for longer depending on the circumstances; such as if it’s needed as evidence for a court hearing.

Your rights

See your data, your rights section below.

Why we collect and use this information

Devon and Somerset Fire and Rescue Services’ fire protection activities include working with local businesses and landlords to ensure fire safety law is understood and followed. Our core activities include fire safety inspection programmes that may lead to enforcement actions where fire safety improvement is required.

We use the data collected to carry out the following tasks:

• delivery of inspection programmes on local business/commercial premises
• responding to public concerns about business/commercial premises
• issuing statutory notices
• consultation of building regulations
• consultation on licencing applications
• promotion of fire safety advice and practices.

In the event of any investigation of fraud, other criminal activity or civil proceedings, the Service may be obliged to disclose personal data to the relevant authorities (such as the police or Crown Prosecution Service) and/or external providers (such as legal representatives).

Any personal information obtained for this process will be either provided by:

• the individual themselves
• a member of the public
• the organisation subject to the fire safety activity
• the information available in the public domain, or any other legitimate sources, for example, the statutory partners that we work with.

Type of data

In order to carry out these activities, the Service may collect the name and contact details for the following:

• the responsible person of a business/commercial premises (on behalf of the business/organisation in question)
• landlord/property owner
• licensee details held under licencing legislation
• members of staff, for example, the local store manager
• personnel that work on behalf of third-party organisations involved in the business fire safety process (such as councils, surveyors, architects, solicitors, law enforcement bodies, contractors and other agencies)
• members of the public who raise business fire safety concerns or contact us for advice.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller.  We collect this information to enable us to carry out our statutory obligations under the Regulatory Reform (Fire Safety) Order 2005 (Fire Safety Order) as an enforcing authority.
• We are required to provide fire safety prevention activities under Section 6 of the Fire Services Act 2004.

Information sharing

To support businesses and ensure that commercial properties comply with the Fire Safety Order, the Service works directly with other organisations that also support fire safety including councils, surveyors, architects, solicitors, licencing bodies, contractors and law enforcement bodies.

• As a regulator, we may share information about compliance and risk with other regulators, following the principle of the Regulators’ Code of “collect once, use many times” when requesting information from those we regulate.
• The Service will share information with other regulators about businesses and other bodies they regulate, to help target resources and activities and minimise duplication.

We have a statutory duty to maintain a register of information concerning the issue of prohibition, alteration and enforcement notices (statutory notices), which must be open to inspection by the public free of charge. We issue these types of notices under the Fire Safety Order. This enforcement register is available on our website. In some cases, individual names of landlords or sole traders will be published.

How long it’s kept

We keep inspection data for a maximum of 10 years.

Where we have issued a statutory notice a record will be kept whilst the notice remains in force and up to a period of 10 years following its disposal.

Statutory notices will remain on our public register until they are satisfactorily complied with and thereafter for three years.

Where we have issued a Simple Caution we will retain a record of it for a period of two years from the date of issue. There will be no public record.

Where we have investigated a breach under the Fire Safety Order, a record will be kept for a period of:

• ten years after the investigation has concluded where the outcome does not result in taking legal action through the courts, or
• a period of seven years after the determination by the courts and, if applicable, any custodial sentence has been spent

We will not keep the data we collect for longer than is necessary. For example; if a building has been demolished or the Fire Safety Order no longer applies we will update our records as soon as we are made aware.

Your rights

See your data, your rights section below.

Why we collect and use this information

As part of any recruitment process, the Service collects and processes personal data relating to job applicants. The Service is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

• We need to check that we are complying with our legal obligations e.g. checking a successful applicant's eligibility to work in the UK before employment starts.
• We will process personal data from job applicants and keep records of the recruitment process, allowing us to deliver a service, assess and confirm a candidate's suitability for employment, and decide who to offer a job. We may also need to process data from job applicants to respond and defend against legal claims.
• We will process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief and to monitor recruitment statistics for equality monitoring purposes. Whilst we may ask for this information, we rely on your consent to provide it.
• We also collect information about whether applicants are disabled in order to make reasonable adjustments during the recruitment process. We process such information to carry out our obligations and exercise specific rights in relation to employment. 
• We are obliged to seek information about criminal convictions and offences. This is because it is necessary to carry out our obligations and exercise specific rights in relation to employment and undertake our safeguarding role to protect children and vulnerable adults.
• We also collect information regarding your entitlement to drive and any current penalty points or disqualifications, if the role you are applying for requires a valid driving licence. This is requested through the Direct Gov driving licence check service and your driving licence check code will only be requested once the intended offer is made. 

Type of data

We collect a range of information about applicants. This includes:

• your name, address and contact details, including email address and telephone number
• details of your qualifications, skills, experience and employment history
• whether you have a disability for which the Service needs to make reasonable adjustments during the recruitment process
• information to determine your entitlement to work in the UK
• interview notes and test results collated at selection processes.

We collect this information in various ways, for example from application forms, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.

We may also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records and driving licence checks. We will seek information from third parties only once an offer of employment has been made and you will be informed when this will take place.

Data will be stored in a range of different places, including on your application record, in Human Resources management systems and on other IT systems (including email). We ensure that appropriate security controls are in place to keep personal information safe and are in line with our data protection policy and procedures.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

• UK GDPR Article 6 (1) (c) - Processing is necessary for compliance with a legal obligation to which the controller is subject.  We collect this information to fulfil our legal obligations under the Equality Act 2010 which protects people from discrimination in the workplace.  Data from successful applicants are further processed because it is necessary for an employment contract.
• UK GDPR Article 9 (2) (b) - Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment.

Information sharing

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process and managers of the particular vacancy.

If applying for the role of on-call firefighter, your name and email address, and the station you have applied for and your status in the process may be shared with our Recruitment and Retention Officer in order for them to offer you their support and guidance through the recruitment process.

We will not share your data with third parties unless your application for employment is successful and it makes you an offer of employment. If successful, we will share your data with the following:

• your former employers and personal referees to obtain employment references
• Devon County Council to obtain necessary criminal records checks
• our Occupational Health provider to obtain medical clearance
• Direct Gov to obtain a driving licence check.

For applicants who require permission to work in the UK, we may need to share personal data with legal advisers and the Home Office to make sure we comply with immigration requirements. 

How long it’s kept

If your application for the role is unsuccessful, we will hold your data on file, including interview notes and test results, for 12 months after the end of the relevant recruitment process so we can respond to any queries, provide feedback if you request it and for statistical purposes. Anonymised data will be kept for monitoring purposes.

If your application for the role is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained for the duration of your employment plus six years thereafter. However, interview notes and selection process scores will be deleted 12 months after the end of the relevant recruitment process.

Your rights

See your data, your rights section below.

Why we collect and use this information

Our youth work is designed to reduce fire risk and fire crime through education. Our activities include the Fire Setter Intervention Programme and uniformed youth groups, early learning fire safety for early learning practitioners and a school education programme. We have a separate privacy notice on this page for our Fire Setter Intervention Programme.

Uniformed youth group programmes are open to young people between the ages of 12 to 18 years.

Type of data

• Contact details of the participant (name, address, contact number).
• Email address for a parent or young person to support virtual sessions where necessary.
• Date of birth of the participant.
• Ethnicity.
• Medical information.
• Emergency contact details for the participant (parent or guardian).
• Photographs of scheme participants undertaking activities with due consent from parent/carer/responsible adult.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. The Fire Services Act 2004 requires us to provide fire safety advice and education as part of our Community Safety prevention work.
• UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to those personal data for one or more specified purposes.  For a child to participate in an education programme, we collect and use personal data with the explicit consent of the parent or carer.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm, to ensure you receive relevant services and drive continuous improvement, we often work with other authorities, agencies and partners including:

• other fire and rescue services (anonymised data for research purposes)
• community organisations 
• youth groups
• councils
• police and other emergency services 
• social services 
• educational services
• health services
• The Home Office (anonymised for statistical reporting) 

If we identify a safeguarding concern during any engagement with the public, we have a legal obligation to work with our statutory partners to safeguard them under the Children and Social Work Act 2017, The Care Act 2014 and Children’s Act 2004.  We will therefore share our concerns with the most appropriate partner. Please see our safeguarding privacy notice for more information.

How long it’s kept

All information is securely stored in line with information assurance security controls and policies. Uniformed youth groups data is securely stored until such time as awards, certificates and pass-outs have been completed.

With the exception of name, date of birth and the unit they attended, together with the start and end dates of their participation. This data is maintained for safeguarding purposes.

Your rights

See your data, your rights section below.

Why we collect and use this information

We have a responsibility to safeguard adults and children at risk that we identify through our operations as a fire and rescue service.

Type of data

We hold the following personal information about those individuals for whom either safeguarding or welfare concerns have been raised:

• name, address, and date of birth of the adult or child
• names and addresses of a responsible adult (for example, a social worker)
• information relating to any personal risk to the adult or child
• relevant characteristics of the adult or child, such as special educational needs, behavioural information, or disabilities.

We use the data to:

• prevent harm to, and promote the welfare of adults and children at risk
• record and evaluate our work
• derive statistics which inform decisions about how we improve safety and support the development of our staff
• help you contact other services which may benefit you or improve your safety.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1) (c) - Processing is necessary for compliance with a legal obligation to which the controller is subject. The Care Act 2014 and Children’s Act 2004 places a responsibility on organisations to work effectively in partnership to safeguard and promote the welfare of adults and children.
• UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Fire and rescue services must have regard to the Fire and Rescue National Framework that sets out priorities, objectives and guidance in connection with the discharge of their functions.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies, and partners including:

• community organisations
• council, social and educational services
• police and other emergency services
• health services.

If we identify a safeguarding concern as part of our engagement, we have a legal obligation to work with our statutory partners to safeguard adults and children at risk. If we identify a welfare concern as part of our engagement we obtain your consent before sharing any information.

How long it’s kept

All information is stored on a database and is subject to our information security controls and policies.

We will keep safeguarding information for 10 years following the last action we have taken to ensure your personal safety. After this time it will be securely disposed of.

Your rights

See your data, your rights section below.

Why we collect and use this information

We have a legal duty to reduce fire risk and fire crime through education. Our activities include the Firesetter Intervention Programme which has been running since 1995 and is designed to advise children and young people with firesetting behaviour. The aim of the Scheme is to help children and young people understand and control the feelings and circumstances that lead them to set fires.

Type of data

We hold the following personal information about those involved in the programme:

• name, address and date of birth of the child or young person
• names and addresses of the responsible adult
• information relating to the instances of fire setting (such as referral information, assessment information, details of the history of setting fires, dates and details of the interventions that we have carried out)
• relevant characteristics of the child or young person, such as special educational needs, behavioural information or disabilities.

We use the data to:

• prevent and reduce fire crime and firesetting by children and young people.
• record and evaluate our work
• produce statistics which inform decisions about how we drive continuous improvement
• help you contact other services which may benefit you or improve your safety
• deliver and manage safety courses and services for young people.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

• UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. The Fire Services Act 2004 requires us to provide fire safety advice and education as part of our Community Safety prevention work.
• UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to those personal data for one or more specified purposes. For a child to participate in an education programme, we collect and use personal data with the explicit consent of the parent or carer.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies and partners including:

• community organisations
• council social and educational services
• police and other emergency services
• health services
• probation.

If we identify a safeguarding concern during any engagement with the public, we have a legal obligation to work with our statutory partners to safeguard them under the Children and Social Work Act 2017, The Care Act 2014 and Children’s Act 2004.  We will therefore share our concerns with the most appropriate partner.

How long it’s kept

All information is stored on a database and is subject to our information security controls and policies. In most cases, we will keep Firesetter data for ten years following the young person’s 18th birthday, or for 10 years following case closure if over age 18.

Your rights

See your data, your rights section below.

Why we collect and use this information

We are processing your information in relation to our procurement of goods, services, and works so that we can:

• contact you
• conduct due diligence on suppliers (for example, financial stability) 
• administer contracts 
• purchase goods and services 
• order items via our purchase order management system 
• meet government legislation concerning contracts valued at over £25,000.

Type of data

• Names.
• Addresses.
• Dates of birth.
• Nationality.
• Telephone number.
• Email.

Our lawful basis

We process your personal data where it is necessary for managing or entering into a contract with us. Article 6(1) (b) of the General Data Protection Legislation (2018) says:

• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Information sharing

We will share your information internally with the appropriate stakeholders. Limited details (e.g. supplier name and some contact details) of successful contracts will be published externally on the following.

• Blue Light Procurement Database.
• GOV.UK contract finder.
• Tenders Electronic Daily.

How long it’s kept

All information is kept for the life of the contract and then archived for a period of seven years in line with our retention policy.

Your rights

See your data, your rights section below.

Why we collect and use personal information

We will collect and hold some of your personal information if: 

• you make claim against us, or we make a claim against you, which we deal with
• we make a claim to our protection provider or our insurers which involves you
• you are a witness to an incident where a claim is made.

We may collect your personal information directly from you or from other people such as your doctor, lawyer or employer.

The types of information we collect and hold

This personal information may include but is not limited to your: 

• name, address, phone number, and email address
• age and gender
• medical information, past and current, including medical records and reports
• disability information, including medical records and reports
• employment records 
• vehicle registration number
• photograph and/or CCTV/video images of you or your vehicle or property.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation. 

• UK GDPR Article 6 (1) (f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. We will only use your personal information for one or more of the following reasons:
• to process a claim
• to defend or bring legal proceedings
• to enable us to make a claim against our protection provider or insurers
• to respond to complaints
• UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to the processing of those personal data for one or more specified purposes. We will only use personal information about your health and your medical records if you agree that we can.

Information sharing

We may share appropriate personal information relative to a claim with our protection provider (Fire & Rescue Indemnity Company Limited) and their managers (Building Lifeplans Limited) and our insurers. We may also share your personal information with other people and organisations in connection with a claim, such as our legal and medical advisers and loss adjusters.

How long it's kept

Your personal information is securely stored at our premises.

We keep claims-related documents, which may include your personal information, for seven years from the date of settlement or closure of the claim, or such other statutory period relevant to the age of the claimant and/or the nature of the injury/disease if longer than seven years.

When we no longer need to keep your personal information, we will delete it or destroy it securely.

Your rights

You can tell us at any time to stop using your information. You can write to us or email us. If you do tell us to stop using that personal information, this may affect any claim you may have against us.

See your data, your rights section below.

Why we collect and use this information

Devon and Somerset Fire and Rescue Service (DSFRS) have installed CCTV on some of our premises for the purposes of monitoring site security, public and staff safety and the prevention and detection of crime.

We use cameras in some of our operational and service owned vehicles for the purpose of staff driver training and for administering insurance claims.

We use drones to enhance and improve firefighter safety and training.

We use body-worn cameras at some incidents for the purpose of improving situational awareness and to record decisions made at incidents.

Type of data

Cameras have the potential to capture a visual reference to the following:

• gender
• physical/mental health
• ethnicity
• religious/philosophical views.

Our lawful basis

We carry out the processing of images as a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1)(f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects involved.
• UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

At our premises, we have placed appropriate signs to notify you that CCTV is in operation, their intended purpose and our contact details. In more dynamic situations such as attending incidents, additional signage will be displayed by individual staff operating camera equipment.

Information sharing

Where we receive requests for the footage we have captured, we may disclose information in accordance with the appropriate exemptions to the Data Protection Act 2018 and the codes of practice issued by the Information Commissioner and the Home Office.

How long it’s kept

Images captured by our premises and operational vehicle CCTV will not be kept for longer than 28 days. However, on occasions where there may be a need to keep images for longer, for example where a crime is being investigated, we retain the right to do so. 

Images captured for driver training purposes are kept for 3 years.

Images captured from our operational response support vehicles will be automatically overwritten every 30 days unless specific footage is needed for an insurance claim due to an accident. The footage will be downloaded and retained until the outcome of the accident investigation.

Images captured by drones or body-worn cameras are kept depending on the identified purpose.

• Training – images are retained indefinitely for use in future training courses where footage identified as adding value.
• Evidence – images are retained as required for public enquiries, court orders, safety events (fire investigations).
• Debrief – images are retained for a minimum of 6 months unless identified as being required for the reasons set out above.

Your rights

See your data, your rights section below.

We deliver commercial fire safety training courses in association with commercial trading arm Red One Limited which is a wholly owned subsidiary of the Fire Authority. Red One administers course bookings and will share some of that information with us in order for us to deliver that training.

Type of data

We need to know the following information about a delegate:

• name and contact details
• employment details
• health and medical information that is relevant to the course.

The above information is shared with us by Red One Ltd. For more information about how Red One Ltd process personal information, please view their privacy notice.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

• UK GDPR Article 6 (1) (f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.  We process the above data for the legitimate interest in delivering a training course and carrying out a task in the interest of the public to deliver fire safety skills to members of the public and the business community.

Information sharing

Our commercial safety courses are accredited to a national standard and we work with a number of accrediting bodies. We will share with them a delegate’s course portfolio work which will include their personal information as detailed above and additionally some photographic evidence as appropriate. The awarding bodies that we work with are listed below.

• Skills 4 Justice.
• Pearsons BTEC.
• City & Guilds.
• Rescue 3 Europe.
• Maritime Coast Guard Agency.

We will not share your information for any marketing purposes.

How long it’s kept

We will keep course portfolio information for a maximum period of six years and any course booking data for a period of 12 months.

Your rights

See your data, your rights section below.

Why we collect and use this information

We use video conference functionality in M365 for holding internal meetings and ways to communicate with staff and external collaboration with 3rd parties, our communities and partner organisations.

Attendance reports are generated for each meeting. We may process additional data about you if the meeting is recorded. General purposes for recording a meeting you are a participant of may include:

• training and awareness
• note taking.

If there is an explicit, different reason for recording a meeting, the organiser or chair of the meeting will verbally explain what the purpose is.

Type of data

We hold names and email addresses of attendees at meetings via automated attendance reports. If we record meetings, then additional data about individuals will be processed including:

• video footage
• audio from conversations.

The chat function may be used to capture participant questions and other narrative. Content from chat function will be processed in non and recorded meetings.

Our lawful basis

To process this data, we rely on Article 6(1)(f) of the UK GDPR whereby processing is necessary for the purposes of legitimate interests pursued by us as a Data Controller (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects involved).

If you do not wish to be recorded, you have the option (where agreed) to mute the camera and microphone, opting to use the chat function to participate as necessary. Participant details will still be captured in the chat function and used for the purposes outlined above.

For different explicit recording purposes, the privacy notice will be given verbally, including clarification if a different lawful basis is being relied upon. If recorded content is likely to include special category data about meeting participants or other individuals, then a 2nd lawful basis from Article 9 of the GDPR will also be given.

Information Sharing

Recordings of the meeting are automatically shared with internal (staff) participants and will be available to view immediately after the meeting has finished. Guests and external attendees can view the recording if it is explicitly shared with them.

Sharing a copy of the recording outside of the purposes listed above and to non-participants, may be considered, and will require demonstrable justification from a lawful basis. If this is legitimate interest, a legitimate interest test will be completed prior to sharing. If it is consent, this must be evidenced from all participants as part of our transparency obligations.

How long its kept

The default retention period for M365 meetings hosted by the Service is three months. This can be overridden on a demonstrably justified basis based on business need. Longer term retention will be managed on the stream application of the M365 platform.

Your rights

See your data, your rights section below.

Further information

Please refer to Microsoft’s Privacy Statement – Microsoft privacy for further information or contact the Service’s Data Protection Officer via informationgovernance@dsfire.gov.uk.
 

The Service actively participates in the National Fraud Initiative (NFI) every two years. This is a data matching exercise within and between public and private sector bodies to prevent and detect fraud which is operated by the Public Sector Fraud Authority. The reports flag up payments, company details or personal details that are potentially fraudulent which are investigated by the Service.

Type of data

The types of personal data we hold and process about sole traders and ex-employees can include:

• Contact details, including name, address, telephone number and email address.

Our lawful basis

We carry out the processing of personal data as a public authority, in accordance with the UK General Data Protection Regulation. The lawful basis we rely on is:

UK GDPR Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. We collect personal information to exercise our statutory function under the Local Audit and Accountability Act 2014 (LAAA).

Information sharing

We will disclose appropriate information to support the National Fraud Initiative (NFI). This will involve information being used in data matching exercises which are currently run every two years for the purpose of assisting the prevention and detection of fraud.

How long it’s kept

All information is kept for the current year plus 6 years in line with our retention policy.

Your rights

Please see our your data, your rights section below.