• Sets out the types of personal data that we collect and explains how and why we collect and use your personal data
• Explains when and why we will share personal data within West Midlands Fire Service and with other organisations; and
• Explains the rights and choices you have when it comes to any personal data we may collect.
The services we provide include;
• Emergency response – providing an emergency response to fires and other emergencies and eventualities and Investigating fire and incidents
• Fire Safety and protection
• Responding to telephone and written enquiries
• Delivering and managing our safety courses and youth activities
• Other safety services, including Safe and Well visits
• Recruitment, employment and staff development
West Midlands Fire Service may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
1 . Personal Data the types of personal data that we collect and how and why we collect and use your personal data
2. Sharing your information with other organisations
3. Rights and Choices you have when it comes to any personal data we may collect
4. Data Protection Officer contact details
5. How we will protect your information
6. Links to other websites
7. How long do you keep your data for?
8. If you have a Concern
1. Personal Data – The types of personal data that we collect and how and why we collect and use your personal data
Our legal basis for processing
Our legal basis for processing your personal data will depend on the specific activity we are undertaking. Generally speaking, we process personal data for the reasons set out below. In only a very few situations will we ask for your consent for us to use your data as typically we have legal duties or powers then enable us to process personal data to undertake our functions as a fire and rescue service. It will, however, often be the case that you will be giving us personal information voluntarily and with your cooperation, but we will process that information on the basis of our duties and powers rather than because you have given your consent.
Our main processing conditions can be described as:
• Contractual – we need the information for the performance of a contract we have with you or that you are preparing to enter into with us.
• Legal obligation – it is necessary to use the information for compliance with a legal obligation that we must comply with.
• Vital interests – we are gathering information as part of an operational incident where there is a risk to someone’s life.
• Public task – the information is necessary for us to carry out a task in the public interest or in the exercise of our functions a fire and rescue authority.
As a fire and rescue authority, we have many duties and powers that describe our core functions and give us legal powers to undertake those functions. Those functions include, for example;
• Our core functions, as described in the Fire and Rescue Services Act 2004 (FRSA 2004), that require us to give fire safety advice and prevent fires from happening; enable us to respond to fires and to protect life and property; and to enable us to respond to road traffic accidents and other emergencies.
• A power to respond to other eventualities where there is a situation that may cause or is likely to cause someone to die, be injured or become ill; or that may harm to the environment (including the life and health of plants and animals).
• Our powers to enforce and regulate fire safety law, such as the Regulatory Reform (Fire Safety) Order 2005.
We also have general powers (FRSA 2004, Section 5a) that enables us to do anything we consider appropriate for the purposes of the carrying-out of any of our functions or anything that is incidental to our functional purposes. This will include a power to collect, process and share personal and sensitive personal data so long as the processing is necessary for the purpose we are collecting it.
Services available to you
As a Fire and Rescue Service we are required by law to deliver a number of services, these may require us to acquire and process personal data these are:
• Responding to fire and other emergencies
• Enforcing Fire Safety by carrying out audits and site specific risk visits
• Providing Fire Safety advice
• Other services such as responding to requests and our work with young people
We will only collect the information we require and it will only be used for the purpose that it has been collected for.
If you work or volunteer for us then we will use your personal data to manage your employment. Details of job applicants are destroyed 12 months after the post is filled.
We keep details of former employees and volunteers for 6 years after they have left.
Responding to fire and other emergencies
When you contact, us using the 999 emergency number we ask for personal and location information such as name, address, date of birth, gender, contact details, address and where you are calling us from. This information may be collected via telephone, email voice recording or via 999 eye system by a member of our fire control staff. Some information may be collected automatically by our incident management system, such as the telephone number you are calling from and the location
Information relating to emergency incidents is used under statutory powers to manage and record incidents and investigate if necessary. We may collect medical information to support the ambulance service in providing care to you. Your information may be passed to other organisations to help them in their emergency response.
We may use the information you have provided to contact you should we should we need to obtain further information from you about the incident you reported.
The information gathered is used to manage our performance, report to Government and auditors and may be used for training purposes.
If a fire investigation has taken place the information could be shared with the police, health and safety executive or coroner.
We will pass your contact details to the manufacturers of white goods and to Trading Standards where they have been the cause of a fire. This is to enable them to investigate any possible fire risk.
Incident reports and fire investigation reports can be requested by those involved in incidents.
Reviews of voice recordings will only be done by Fire Control Management and will only be for appropriate and relevant purposes such as incident management, training or quality assurance.
Further details on how the government uses the information provided by us can be found on the government website at the following link –
Fire Safety audits and site-specific risk visits
Fire Safety Audits
The majority of the information we collect are during Fire Safety Audits on business premises and related actions are not personal information. The personal information we may collect will be related to the person responsible for the property. As a result of the audit, we may issue a prohibition or enforcement notice. These are available at the following link; http://www.cfoa.org.uk/notices-register
We will ensure confidentiality of commercially sensitive and security information available to us, such as premises plans. We will not share this information with others unless we are required to by law.
Site Specific Risk Visits
Site Specific risk visits enable West Midlands Fire Service to obtain risk information that could be used by operational personnel during an incident, premises that could pose a risk to firefighters during the course of an incident are identified and an assessment of risk is undertaken. This information may then be shared with other emergency services that may respond to an incident at that location. The majority of the information we collect is non-personalised information.
Providing Fire Safety advice –
Safe and Well Visits
Under the Fire and Rescue Services Act 2004, West Midlands Fire Service has a duty to promote fire safety as one of its core functions. This is achieved by providing advice, education and community safety interventions to reduce the incidences of fires. We provide advice on fire safety in the home and this done during a Safe & Well visit. In order to do this, we collect information about you (including your name, date of birth, gender and ethnicity) and your risk and vulnerability to fire (including details about your property, lifestyle and health and wellbeing). We will use this to help you to reduce the risk of fire and to help you understand what you should do if a fire occurs. We may also use automated decision making to prioritise visits for people at the highest risk, based on the answers you give us.
We recognise that information we collect about you, particularly that about your health and wellbeing is more sensitive. We only collect the minimum amount that enables us to effectively assess all risk factors that might make you more vulnerable to fire and other incidents in your home. Our lawful basis to process and share this information is to undertake our public task as set out in the legislation referred to above.
The Equality Act 2010 places a duty on WMFS to serve all communities equally and to the highest standards in line with the Fire and Rescue Service Equality and Diversity Strategy. This is why we collect diversity information (including ethnic origin, gender, sexual orientation and disability status).
We work closely with other organisations who may be able to assist you further in reducing your risk and vulnerability to fire and provide help such as falls prevention or smoking cessation. If we consider it appropriate to share your information with our partner agencies we will tell you who we are sharing this information with and why.
If you were referred to us by another organisation with whom we have an information sharing or partnership agreement, we may make the outcomes of our visit available to them. This is for the purpose of enabling them to understand how best to assist you in reducing any outstanding risks.
West Midlands Fire Service is required by law to make contact with other agencies, usually relating to crime or where there is a serious risk to personal safety, abuse or neglect and we feel that making a safeguarding referral to Adult or Children’s Services is appropriate.
Any information that would indicate a risk to life or property that is collected during a Safe & Well visit may be used by operational personnel during an incident, helping to protect life and property.
This information is kept by us for as long as it is needed to help prevent death or injury by fire. The current retention period is 6 years.
Fire Safety Training Courses
If you intend to book a fire safety training course run by us, then we will collect your personal details. We will only use your personal information to administer your account and to provide the products and services you have requested from us.
We receive names and addresses from Baywater HealthCare of those individuals who have an oxygen cylinder within their premises and have given consent for a home fire safety visit to be arranged.
Additionally, a full list of all premises that have oxygen cylinders is supplied by Baywater Health Care. As an oxygen cylinder would pose a risk to operational personnel responding to an incident. This risk information can be used by operational personnel during an incident.
NHS England, the Royal College General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most.
To enable this to occur then the NHS may share your personal details with us to allow us to contact you to arrange a safe and Well Visit. Safe and Well visits have been developed to help meet local health-risk priorities and is proven to improve safety. If you require more information about how NHS England use and share your information, please click on the following link: https://www.england.nhs.uk/contact-us/privacy-notice/your-information/
Mosaic data is provided to us by a commercial company who obtain the information from a variety of sources this information is used for preventative activities. If you require more information about Experian, please click on the following link: https://www.experian.co.uk/business/
Compliments, Comments and Complaints
Compliments and Comments
Information is obtained from/when members of the public engage with us and complete the necessary form or via telephone message. We do compile and publish statistics relating to the number and nature of compliments and comments received but not in a form that would identify any individual.
Information obtained from/when members of the public engage with us and complete the necessary form or via telephone message.
This information is processed for the purpose of responding to or investigating your complaint. It is likely that some of this personal information will be provided to whoever the complaint is about. We will not begin to investigate your complaint unless we have your consent to do so.
We do compile and publish statistics relating to the number and nature of complaints received but not in a form that would identify any individual.
Other services that we provide that will require us to hold your personal information include:
• running education / training programmes for young people
• responding to telephone and written enquiries.
• Business Administration such as maintaining accounts and business records, managing contracts and service and running events
• Security including the use of CCTV systems and body worn camera devices in order to keep our people and resources safe and to prevent and detect crime.
• Legal services in order to comply with the law and to support local and national fraud initiatives
• As part of our Integrated Risk Management Plan consultation.
Managing and improving our website experience
There are two ways in which we collect private information via our website:
• Online forms
• Purchasing of services or licences
When you submit information to us via our website, such as participating in an online survey, requesting a service or submitting a Freedom of Information request, we may receive personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number, depending on the activity. By submitting your details, you enable West Midlands Fire Service to provide you with the services, activities or online content which you required.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedure to safeguard and secure the information we collect online.
To improve user experience our website is hosted by GURU and appropriate safeguards and assurance have been provided in relation to the processing of your personal data – see their website for details: https://www.guru.co.uk/
2. Sharing your information with other organisations – when and why we will share personal data within West Midlands Fire Service and with other organisations.
We may share personal data with other organisations in the following circumstances:
We may have to share your personal data for legal reasons, for example
• for the detection, prevention and prosecution of crime or the apprehension of offenders;
• in report to a number of organisations including Central Government, Auditors and Crime and disorder partners
• To protect the public funds we administer, we may share information for auditing or administration to prevent and detect fraud as part of the Audit Commissions anti-fraud initiative.
Promotion of Social Wellbeing
Where we conclude that action may need to be taken to safeguard the communities we serve your personal and /or sensitive data may be shared between different agencies. However, where information is shared we will tell you who we are sharing this information with and why. We often work with partners such as;
• Birmingham, Coventry, Dudley, Sandwell, Solihull, Walsall and Wolverhampton Councils
• Smoking cessation groups.
• Falls prevention or support groups,
• winter warmth groups
If we believe someone is at serious risk, then West Midlands Fire Service is required by law to make contact with other agencies. We will make sure that we record the information we share and the reason for doing so.
Where possible your information will be anonymised to remove as much detail as possible leaving only key elements to enable us, and our partners, to target resources to you and it will be transferred in a secure manner.
3. Rights and Choices you have when it comes to any personal data we may collect.
West Midlands Fire Service is committed to ensuring that the personal and sensitive information it holds about individuals is accurate, up to date, used only for the purpose intended and securely protected from inappropriate access.
West Midlands Fire Service is committed to ensuring that individuals are able to exercise their rights including the right of access, rectification or erasure and the right to restrict processing, to data portability and to object as well as rights in relation to automated decision making and profiling.
Accessing your information – Under the Data Protection Act 2018, you have the right to see the personal data we hold about you. This is called a Subject Access Request.
Data Rectification – We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them. This is called data rectification. A request for data rectification should indicate which data is being referred to and the correction to be made and should include documentary proof that the amendment is necessary.
Data Erasure – You can request that the personal information that we hold about you is erased. This is also known as ‘the right to be forgotten’. However, in some cases we may not be able to erase your information in this case we will inform you of the reasons for this.
All requests to access, rectify or erase personal data should be sent to the Data Manager.
To exercise your right to restrict processing, to data portability, to object to processing and in relation to automated decision making and profiling then please contact the Data Manager.
Proof of Identity
To ensure that personal data does not fall into the wrong hands West Midlands Fire Service needs to be satisfied with the identity of the requester. Consequently, on receipt of a request, you will be asked to provide evidence of your identity and address.
If you would like to exercise any of your data rights, you should contact the Data Protection Officer
using the details below or complete the data protection request form.
4. Data Protection Officer contact details
Email – DataManager@wmfs.net
99 Vauxhall Road
5. How we will protect your information
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep your information safe. We only authorise access to employees who need it to carry out their job responsibilities.
We may occasionally ask for proof of identity before we share your personal data with you.
We have a Staff Code of Conduct and Information Security and Handling policy that staff adhere to.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
6. Links to other websites
Our website may contain links to other websites of interest. The use of these is covered by our website use terms and conditions which can be found here: Website Terms and Conditions
7. How long do you keep your data for?
We will retain your information for as long as is required to meet the purpose of collection or as long as the law requires.
Information on retention periods can be requested from the Data Manager. You have a right to request West Midlands Fire Service stop processing your personal data. Where possible we will seek to comply with your request but we may need to hold or process information in connection with one or more of our functions. You would be informed of the outcome to your request and the rationale behind the decision.
8. If you have a Concern
We try to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive seriously. We encourage people to bring to our attention any instances where they think our collection, or use of, information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you are unhappy with the way that your personal data has been used or any other aspect of how we have processed your information, then please contact the Data Protection Officer. Contact details in 4. Data Protection Officer contact details
If you experience a problem with your complaint you have the right to lodge a complaint to the Information Commissioner.
You can find out more about your personal data rights at the Information Commissioner’s Office website.
Contact the Information Commissioner’s Office by visiting their website at www.ico.org.uk, telephoning 0303 123 1113 or writing to:
Information Commissioner’s Office