Organisational Privacy Policy

This privacy policy covers all personal data and privacy usage, sharing and rights for all activities carried out by our service

West Midlands Fire Service is committed to protecting your personal data and privacy. We use the term ‘privacy policy’ to describe all the privacy information that we make available to provide to people when we collect information about them. This privacy policy:
• Sets out the types of personal data that we collect and explains how and why we collect and use your personal data
• Explains when and why we will share personal data within West Midlands Fire Service and with other organisations; and
• Explains the rights and choices you have when it comes to any personal data we may collect.

The services we provide include;
• Emergency response – providing an emergency response to fires and other emergencies and eventualities and Investigating fire and incidents
• Fire Safety and protection
• Responding to telephone and written enquiries
• Delivering and managing our safety courses and youth activities
• Other safety services, including Safe and Well visits
• Recruitment, employment and staff development

West Midlands Fire Service may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

1 . Personal Data the types of personal data that we collect and how and why we collect and use your personal data
2. Sharing your information with other organisations
3. Rights and Choices you have when it comes to any personal data we may collect
4. Data Protection Officer contact details
5. How we will protect your information
6. Links to other websites
7. How long do you keep your data for?
8. If you have a Concern

1. Personal Data – The types of personal data that we collect and how and why we collect and use your personal data

Our legal basis for processing

Our legal basis for processing your personal data will depend on the specific activity we are undertaking. Generally speaking, we process personal data for the reasons set out below. In only a very few situations will we ask for your consent for us to use your data as typically we have legal duties or powers then enable us to process personal data to undertake our functions as a fire and rescue service. It will, however, often be the case that you will be giving us personal information voluntarily and with your cooperation, but we will process that information on the basis of our duties and powers rather than because you have given your consent.
Our main processing conditions can be described as:
Contractual – we need the information for the performance of a contract we have with you or that you are preparing to enter into with us.
Legal obligation – it is necessary to use the information for compliance with a legal obligation that we must comply with.
Vital interests – we are gathering information as part of an operational incident where there is a risk to someone’s life.
Public task – the information is necessary for us to carry out a task in the public interest or in the exercise of our functions a fire and rescue authority.

As a fire and rescue authority, we have many duties and powers that describe our core functions and give us legal powers to undertake those functions. Those functions include, for example;
• Our core functions, as described in the Fire and Rescue Services Act 2004 (FRSA 2004), that require us to give fire safety advice and prevent fires from happening; enable us to respond to fires and to protect life and property; and to enable us to respond to road traffic accidents and other emergencies.
• A power to respond to other eventualities where there is a situation that may cause or is likely to cause someone to die, be injured or become ill; or that may harm to the environment (including the life and health of plants and animals).
• Our powers to enforce and regulate fire safety law, such as the Regulatory Reform (Fire Safety) Order 2005.

We also have general powers (FRSA 2004, Section 5a) that enables us to do anything we consider appropriate for the purposes of the carrying-out of any of our functions or anything that is incidental to our functional purposes. This will include a power to collect, process and share personal and sensitive personal data so long as the processing is necessary for the purpose we are collecting it.

Services available to you
As a Fire and Rescue Service we are required by law to deliver a number of services, these may require us to acquire and process personal data these are:
• Responding to fire and other emergencies
• Enforcing Fire Safety by carrying out audits and site specific risk visits
• Providing Fire Safety advice
• Other services such as responding to requests and our work with young people
We will only collect the information we require and it will only be used for the purpose that it has been collected for.

Employment
If you work or volunteer for us then we will use your personal data to manage your employment. Details of job applicants are destroyed 6 months after the post is filled.

We keep details of former employees and volunteers for 6 years after they have left.

Responding to fire and other emergencies

When you contact, us using the 999 emergency number we ask for personal and location information such as name, address, date of birth, gender, contact details, address and where you are calling us from. This information may be collected via telephone, email voice recording or via 999 eye system by a member of our fire control staff. Some information may be collected automatically by our incident management system, such as the telephone number you are calling from and the location

Information relating to emergency incidents is used under statutory powers to manage and record incidents and investigate if necessary. We may collect medical information to support the ambulance service in providing care to you. Your information may be passed to other organisations to help them in their emergency response.

We may use the information you have provided to contact you should we should we need to obtain further information from you about the incident you reported.

The information gathered is used to manage our performance, report to Government and auditors.
If a fire investigation has taken place the information could be shared with the police, health and safety executive or coroner.
We will pass your contact details to the manufacturers of white goods and to Trading Standards where they have been the cause of a fire. This is to enable them to investigate any possible fire risk.

Incident reports and fire investigation reports can be requested by those involved in incidents.

Reviews of voice recordings will only be done by Fire Control Management and will only be for appropriate and relevant purposes such as incident management, training or quality assurance.
Further details on how the government uses the information provided by us can be found on the government website at the following link –

https://www.gov.uk/government/publications/data-protection-and-privacy-notices/fire-and-rescue-service-incident-recording-system-privacy-information-notice

Fire Safety audits and site-specific risk visits

Fire Safety Audits
The majority of the information we collect are during Fire Safety Audits on business premises and related actions are not personal information. The personal information we may collect will be related to the person responsible for the property. As a result of the audit, we may issue a prohibition or enforcement notice. These are available at the following link; http://www.cfoa.org.uk/notices-register

We will ensure confidentiality of commercially sensitive and security information available to us, such as premises plans. We will not share this information with others unless we are required to by law.

Site Specific Risk Visits
Site Specific risk visits enable West Midlands Fire Service to obtain risk information that could be used by operational personnel during an incident, premises that could pose a risk to firefighters during the course of an incident are identified and an assessment of risk is undertaken. This information may then be shared with other emergency services that may respond to an incident at that location. The majority of the information we collect is non-personalised information.

Providing Fire Safety advice –

Safe and Well Visits
West Midlands Fire Service has a duty to promote fire safety and this is achieved by providing advice, education and community safety interventions to reduce the incidences of fires. We provide advice on fire safety in the home and this done during a Safe & Well visit.

During a Safe & Well visit, we will collect information including your name, date of birth, ethnicity, along with information about your risk and vulnerability to fire which often includes details about your property, lifestyle and health and wellbeing. We will use this to help you to reduce the risk of fire and to help you understand what you should do if a fire occurs.

We recognise that information we collect about you, particularly that about your health and wellbeing is more sensitive. We only collect the minimum amount that enables us to effectively assess all risk factors that might make you more vulnerable to fire and other incidents in your home.

We work closely with other organisations who may be able to assist you further in reducing your risk and vulnerability and provide help such as falls prevention or smoking cessation. We will explain if and why we want to share your information with these agencies.

Any information that would indicate a risk to life or property that is collected during a Safe & Well visit may be used by operational personnel during an incident, helping to protect life and property.

The Equality Act 2010 places a duty on WMFS to serve all communities equally and to the highest standards in line with the Fire and rescue Service Equality and Diversity Strategy. This is why we collect information about your ethnic origin.

West Midlands Fire Service is required by law to make contact with other agencies, usually relating to crime or where there is a serious risk to personal safety, abuse or neglect and we feel that making a safeguarding referral to Adult or Children’s Services is appropriate.

This information is kept by us for 6 years from the time we last had contact with you.

Fire Safety Training Courses
If you intend to book a fire safety training course run by us, then we will collect your personal details. We will only use your personal information to administer your account and to provide the products and services you have requested from us.

Oxygen cylinders
We receive names and addresses from Baywater HealthCare of those individuals who have an oxygen cylinder within their premises and have given consent for a home fire safety visit to be arranged.

Additionally, a full list of all premises that have oxygen cylinders is supplied by Baywater Health Care. As an oxygen cylinder would pose a risk to operational personnel responding to an incident. This risk information can be used by operational personnel during an incident.

NHS England
NHS England, the Royal College General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most.
To enable this to occur then the NHS may share your personal details with us to allow us to contact you to arrange a safe and Well Visit. Safe and Well visits have been developed to help meet local health-risk priorities and is proven to improve safety. If you require more information about how NHS England use and share your information, please click on the following link: https://www.england.nhs.uk/contact-us/privacy-notice/your-information/

Mosaic Data
Mosaic data is provided to us by a commercial company who obtain the information from a variety of sources this information is used for preventative activities. If you require more information about Experian, please click on the following link: http://www.experian.co.uk/marketing-services/products/mosaic/mosaic-in-detail.html

Compliments, Comments and Complaints

Compliments and Comments
Information is obtained from/when members of the public engage with us and complete the necessary form or via telephone message. We do compile and publish statistics relating to the number and nature of compliments and comments received but not in a form that would identify any individual.

Complaints
Information obtained from/when members of the public engage with us and complete the necessary form or via telephone message.

This information is processed for the purpose of responding to or investigating your complaint. It is likely that some of this personal information will be provided to whoever the complaint is about. We will not begin to investigate your complaint unless we have your consent to do so.

We do compile and publish statistics relating to the number and nature of complaints received but not in a form that would identify any individual.

Other services

Other services that we provide that will require us to hold your personal information include:
• running education / training programmes for young people
• responding to telephone and written enquiries.
• Business Administration such as maintaining accounts and business records, managing contracts and service and running events
• Security including the use of CCTV systems and body worn camera devices in order to keep our people and resources safe and to prevent and detect crime.
• Legal services in order to comply with the law and to support local and national fraud initiatives

Managing and improving our website experience
There are two ways in which we collect private information via our website:
• Online forms
• Cookies
• Purchasing of services or licences
When you submit information to us via our website, such as participating in an online survey, requesting a service or submitting a Freedom of Information request, we may receive personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number, depending on the activity. By submitting your details, you enable West Midlands Fire Service to provide you with the services, activities or online content which you required.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedure to safeguard and secure the information we collect online.

How we use cookies
We use cookies and similar technologies on our Websites to improve your customer experience. For more information on what cookies are used on our site and why please see our cookie policy here:

2. Sharing your information with other organisations – when and why we will share personal data within West Midlands Fire Service and with other organisations.

We may share personal data with other organisations in the following circumstances:

Legal Reasons
We may have to share your personal data for legal reasons, for example
• for the detection, prevention and prosecution of crime or the apprehension of offenders;
• in report to a number of organisations including Central Government, Auditors and Crime and disorder partners
• To protect the public funds we administer, we may share information for auditing or administration to prevent and detect fraud as part of the Audit Commissions anti-fraud initiative.

Promotion of Social Wellbeing
Where we conclude that action may need to be taken to safeguard the communities we serve your personal and /or sensitive data may be shared between different agencies. However, where information is shared we will have obtained your consent to share. We often work with partners such as;
• Birmingham, Coventry, Dudley, Sandwell, Solihull, Walsall and Wolverhampton Councils
• Smoking cessation groups.
• Falls prevention or support groups,
• winter warmth groups

If we believe someone is at risk, this risk must be identified as being serious before we can act against your right to confidentiality. If information is shared without your consent, we will make sure that we record the information we share and the reason for doing so.

Where possible your information will be anonymised to remove as much detail as possible leaving only key elements to enable us, and our partners, to target resources to you and it will be transferred in a secure manner.

3. Rights and Choices you have when it comes to any personal data we may collect.

West Midlands Fire Service is committed to ensuring that the personal and sensitive information it holds about individuals is accurate, up to date, used only for the purpose intended and securely protected from inappropriate access.
West Midlands Fire Service is committed to ensuring that individuals are able to exercise their rights including the right of access, rectification or erasure and the right to restrict processing, to data portability and to object as well as rights in relation to automated decision making and profiling.

Accessing your information – Under the Data Protection Act 2018, you have the right to see the personal data we hold about you. This is called a Subject Access Request.

Data Rectification – We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them. This is called data rectification. A request for data rectification should indicate which data is being referred to and the correction to be made and should include documentary proof that the amendment is necessary.

Data Erasure – You can request that the personal information that we hold about you is erased. This is also known as ‘the right to be forgotten’. However, in some cases we may not be able to erase your information in this case we will inform you of the reasons for this.

All requests to access, rectify or erase personal data should be sent to the Data Manager.

To exercise your right to restrict processing, to data portability, to object to processing and in relation to automated decision making and profiling then please contact the Data Manager.

Proof of Identity
To ensure that personal data does not fall into the wrong hands West Midlands Fire Service needs to be satisfied with the identity of the requester. Consequently, on receipt of a request, you will be asked to provide evidence of your identity and address.

If you would like to exercise any of your data rights, you should contact the Data Protection Officer
using the details below or complete the data protection request form.

4. Data Protection Officer contact details

Email – DataManager@wmfs.net

Write –
Data Manager
99 Vauxhall Road
Birmingham
B7 4HW

5. How we will protect your information

We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep your information safe. We only authorise access to employees who need it to carry out their job responsibilities.
We may occasionally ask for proof of identity before we share your personal data with you.
We have a Staff Code of Conduct and Information Security and Handling policy that staff adhere to.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

6. Links to other websites

Our website may contain links to other websites of interest. The use of these is covered by our website use terms and conditions which can be found here: Website Terms and Conditions

7. How long do you keep your data for?

We will retain your information for as long as is required to meet the purpose of collection or as long as the law requires.

Information on retention periods can be requested from the Data Manager. You have a right to request West Midlands Fire Service stop processing your personal data. Where possible we will seek to comply with your request but we may need to hold or process information in connection with one or more of our functions. You would be informed of the outcome to your request and the rationale behind the decision.

8. If you have a Concern
We try to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive seriously. We encourage people to bring to our attention any instances where they think our collection, or use of, information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you are unhappy with the way that your personal data has been used or any other aspect of how we have processed your information, then please contact the Data Protection Officer. Contact details in 4. Data Protection Officer contact details

If you experience a problem with your complaint you have the right to lodge a complaint to the Information Commissioner.

You can find out more about your personal data rights at the Information Commissioner’s Office website.

Contact the Information Commissioner’s Office by visiting their website at www.ico.org.uk, telephoning 0303 123 1113 or writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF