The services we provide include;
The types of personal data that we collect and how and why we collect and use your personal data
Our legal basis for processing your personal data will depend on the specific activity we are undertaking. Generally speaking, we process personal data for the reasons set out below. In only a very few situations will we ask for your consent for us to use your data as typically we have legal duties or powers then enable us to process personal data to undertake our functions as a fire and rescue service. It will, however, often be the case that you will be giving us personal information voluntarily and with your cooperation, but we will process that information on the basis of our duties and powers rather than because you have given your consent.
Our main processing conditions can be described as:
As a fire and rescue authority, we have many duties and powers that describe our core functions and give us legal powers to undertake those functions. Those functions include, for example;
We also have general powers (FRSA 2004, Section 5a) that enables us to do anything we consider appropriate for the purposes of the carrying-out of any of our functions or anything that is incidental to our functional purposes. This will include a power to collect, process and share personal and sensitive personal data so long as the processing is necessary for the purpose we are collecting it.
As a Fire and Rescue Service we are required by law to deliver a number of services, these may require us to acquire and process personal data these are:
We will only collect the information we require and it will only be used for the purpose that it has been collected for.
If you work or volunteer for us then we will use your personal data to manage your employment. Details of job applicants are destroyed 12 months after the post is filled.
We keep details of former employees and volunteers for 6 years after they have left.
When you contact, us using the 999 emergency number we ask for personal and location information such as name, address, date of birth, gender, contact details, address and where you are calling us from. This information may be collected via telephone, email voice recording or via 999 eye system by a member of our fire control staff. Some information may be collected automatically by our incident management system, such as the telephone number you are calling from and the location
Information relating to emergency incidents is used under statutory powers to manage and record incidents and investigate if necessary. We may collect medical information to support the ambulance service in providing care to you. Your information may be passed to other organisations to help them in their emergency response.
We may use the information you have provided to contact you should we should we need to obtain further information from you about the incident you reported.
The information gathered is used to manage our performance, report to Government and auditors and may be used for training purposes.
If a fire investigation has taken place the information could be shared with the police, health and safety executive or coroner.
We will pass your contact details to the manufacturers of white goods and to Trading Standards where they have been the cause of a fire. This is to enable them to investigate any possible fire risk.
Incident reports and fire investigation reports can be requested by those involved in incidents.
Reviews of voice recordings will only be done by Fire Control Management and will only be for appropriate and relevant purposes such as incident management, training or quality assurance.
Further details on how the government uses the information provided by us can be found on the government website at the following link –
The majority of the information we collect are during Fire Safety Audits on business premises and related actions are not personal information. The personal information we may collect will be related to the person responsible for the property. As a result of the audit, we may issue a prohibition or enforcement notice. These are available at the following link: Enforcement Register
We will ensure the confidentiality of commercially sensitive and security information available to us, such as premises plans. We will not share this information with others unless we are required to by law.
Site Specific risk visits enable West Midlands Fire Service to obtain risk information that could be used by operational personnel during an incident, premises that could pose a risk to firefighters during the course of an incident are identified and an assessment of risk is undertaken. This information may then be shared with other emergency services that may respond to an incident at that location. The majority of the information we collect is non-personalised information.
In line with Regulatory Reform (Fire Safety) Order 2005 The owner(s) / Responsible Person(s) of residential buildings which are at least 18M tall or have at least 7 storeys, have a duty to send their local Fire Authority Building Plans and External Wall System information and inform us of faults with their lifts or firefighting facilities.
Details collected of the Responsible Person (s) include First Name, Last Name, Contact details (telephone number and email address), Company Details (Company name, address) and position held within the company.
The Responsible Person(s) will upload their information to a Business to Business gateway which will be stored securely within our digital systems. This information will be retained for the life time of the building.
We will not share this information with others unless required to by law.
Under the Fire and Rescue Services Act 2004, West Midlands Fire Service has a duty to promote fire safety as one of its core functions. This is achieved by providing advice, education and community safety interventions to reduce the incidences of fires. We provide advice on fire safety in the home and this done during a Safe & Well visit. In order to do this, we collect information about you (including your name, date of birth, gender and ethnicity) and your risk and vulnerability to fire (including details about your property, lifestyle and health and wellbeing). We will use this to help you to reduce the risk of fire and to help you understand what you should do if a fire occurs. We may also use automated decision making to prioritise visits for people at the highest risk, based on the answers you give us.
We recognise that information we collect about you, particularly that about your health and wellbeing is more sensitive. We only collect the minimum amount that enables us to effectively assess all risk factors that might make you more vulnerable to fire and other incidents in your home. Our lawful basis to process and share this information is to undertake our public task as set out in the legislation referred to above.
The Equality Act 2010 places a duty on WMFS to serve all communities equally and to the highest standards in line with the Fire and Rescue Service Equality and Diversity Strategy. This is why we collect diversity information (including ethnic origin, gender, sexual orientation and disability status).
We work closely with other organisations who may be able to assist you further in reducing your risk and vulnerability to fire and provide help such as falls prevention or smoking cessation. If we consider it appropriate to share your information with our partner agencies we will tell you who we are sharing this information with and why.
If you were referred to us by another organisation with whom we have an information sharing or partnership agreement, we may make the outcomes of our visit available to them. This is for the purpose of enabling them to understand how best to assist you in reducing any outstanding risks.
West Midlands Fire Service is required by law to make contact with other agencies, usually relating to crime or where there is a serious risk to personal safety, abuse or neglect and we feel that making a safeguarding referral to Adult or Children’s Services is appropriate.
Any information that would indicate a risk to life or property that is collected during a Safe & Well visit may be used by operational personnel during an incident, helping to protect life and property.
This information is kept by us for as long as it is needed to help prevent death or injury by fire. The current retention period is 6 years.
We may use your information to contact you to request feedback on your experience in engaging with our services. This will help us to monitor and improve the quality of services and improve service user experience. The option to opt-out of this communication will be provided.
If you intend to book a fire safety training course run by us, then we will collect your personal details. We will only use your personal information to administer your account and to provide the products and services you have requested from us.
We receive names and addresses from Baywater HealthCare of those individuals who have an oxygen cylinder within their premises and have given consent for a home fire safety visit to be arranged.
Additionally, a full list of all premises that have oxygen cylinders is supplied by Baywater Health Care. As an oxygen cylinder would pose a risk to operational personnel responding to an incident. This risk information can be used by operational personnel during an incident.
NHS England, the Royal College General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most.
To enable this to occur then the NHS may share your personal details with us to allow us to contact you to arrange a safe and Well Visit. Safe and Well visits have been developed to help meet local health-risk priorities and is proven to improve safety. If you require more information about how NHS England use and share your information, please click on the following link: https://www.england.nhs.uk/contact-us/privacy-notice/your-information/
Mosaic data is provided to us by a commercial company who obtain the information from a variety of sources this information is used for preventative activities. If you require more information about Experian, please click on the following link: https://www.experian.co.uk/business/
Information is obtained from/when members of the public engage with us and complete the necessary form or via telephone message. We do compile and publish statistics relating to the number and nature of compliments and comments received but not in a form that would identify any individual.
Information obtained from/when members of the public engage with us and complete the necessary form or via telephone message.
This information is processed for the purpose of responding to or investigating your complaint. It is likely that some of this personal information will be provided to whoever the complaint is about. We will not begin to investigate your complaint unless we have your consent to do so.
We do compile and publish statistics relating to the number and nature of complaints received but not in a form that would identify any individual.
West Midlands Fire Service will retain comments and compliments for a period of two years and may use content that you have provided for auditing purposes and trend analysis.
We may also use anonymised content as part of promotional material such as community fire safety promotional messages.
Complaints will be retained for a period of three years for auditing purposes and trend analysis and will be securely destroyed after this period.
WMFS use stakeholder management tools to help enhance engagements with key stakeholders and support our organisational decision making. Data Subjects whose details we process using these tools, are predominantly those in roles where they would have a reasonable expectation that their details may be processed in this way. Reasonable effort will be made to confirm with stakeholders where their details will be added to such systems and processes are in place to ensure that individuals can exercise their information rights.
Other services that we provide that will require us to hold your personal information include:
There are two ways in which we collect private information via our website:
When you submit information to us via our website, such as participating in an online survey, requesting a service or submitting a Freedom of Information request, we may receive personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number, depending on the activity. By submitting your details, you enable West Midlands Fire Service to provide you with the services, activities or online content which you required.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
To improve user experience our website is hosted by Brixly UK and appropriate safeguards and assurance have been provided in relation to the processing of your personal data – see their website for details: https://brixly.uk/terms-and-conditions/
West Midlands Fire Service (WMFS) uses photography and video to educate and inform staff and communities, to recruit staff and promote the wide range of work we are involved in.
For the purposes of this section ‘media’ is defined as any photographic images or videographic footage obtained by West Midlands Fire Service, it’s staff, or volunteers on it’s behalf.
This may include advertising, promotion, marketing and safety campaigns. We hold this media for a maximum of two years, on our secure intranet system, and may use this media on all, but not limited to, the following channels
We will gain consent from you to process your media for these purposes . Where media contain children or young people, we are also required to seek the permission of parents or carers before capturing, sorting or using these media.
All media will be stored in accordance with WMFS’s Management of Information Policy. They will be kept for 2 years, along with the signed consent form.
All rights to the media belong to WMFS. Media may be cropped or modified for quality or combined with other media, text and graphics.
Your participation is voluntary and our lawful basis for processing this data is consent. If you do agree to take part but change your mind at a later date, you have the right to withdraw your consent at any time under Article 17 of the General Data Protection Regulations (GDPR). You can do this by getting in touch with our Corporate Communications Team via email, phone or social media, or by contacting our Data Protection Officer via the details provided below.
West Midlands Fire Service has several social media accounts.
As is the case in many large organisations, we use a social media management platform to schedule and manage our own content, and to help evaluate its reach.
We use the same platform to monitor social media and to engage with and respond to members of our communities, our partners, staff and others.
Content of interest is shared as appropriate within the service.
Where content is identified that may require investigation, for example a complaint, offensive content, or content which may be critical of, or potentially damaging to or defamatory of WMFS or an individual, we have a legitimate interest to process this data. This means that we may need to capture the content posted in a public domain, keep an accurate record of it and investigate the content further.
Images from social media will be retained as long as necessary in line with the purpose they were collated for, once this purpose is fulfilled, they will be deleted.
When and why we will share personal data within West Midlands Fire Service and with other organisations.
We may share personal data with other organisations in the following circumstances:
We may have to share your personal data for legal reasons, for example:
Where we conclude that action may need to be taken to safeguard the communities we serve your personal and /or sensitive data may be shared between different agencies. However, where information is shared we will tell you who we are sharing this information with and why. We often work with partners such as;
If we believe someone is at serious risk, then West Midlands Fire Service is required by law to make contact with other agencies. We will make sure that we record the information we share and the reason for doing so.
Where possible your information will be anonymised to remove as much detail as possible leaving only key elements to enable us, and our partners, to target resources to you and it will be transferred in a secure manner.
West Midlands Fire Service is committed to ensuring that the personal and sensitive information it holds about individuals is accurate, up to date, used only for the purpose intended and securely protected from inappropriate access.
West Midlands Fire Service is committed to ensuring that individuals are able to exercise their rights including the right of access, rectification or erasure and the right to restrict processing, to data portability and to object as well as rights in relation to automated decision making and profiling.
Under the Data Protection Act 2018, you have the right to see the personal data we hold about you. This is called a Subject Access Request.
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them. This is called data rectification. A request for data rectification should indicate which data is being referred to and the correction to be made and should include documentary proof that the amendment is necessary.
You can request that the personal information that we hold about you is erased. This is also known as ‘the right to be forgotten’. However, in some cases we may not be able to erase your information in this case we will inform you of the reasons for this.
All requests to access, rectify or erase personal data should be sent to the Data Manager.
To exercise your right to restrict processing, to data portability, to object to processing and in relation to automated decision making and profiling then please contact the Data Manager.
To ensure that personal data does not fall into the wrong hands West Midlands Fire Service needs to be satisfied with the identity of the requester. Consequently, on receipt of a request, you will be asked to provide evidence of your identity and address.
If you would like to exercise any of your data rights, you should contact the Data Protection Officer
using the details below or complete the data protection request form.
Email – DataManager@wmfs.net
99 Vauxhall Road
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep your information safe. We only authorise access to employees who need it to carry out their job responsibilities.
We may occasionally ask for proof of identity before we share your personal data with you.
We have a Staff Code of Conduct and Information Security and Handling policy that staff adhere to.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
Our website may contain links to other websites of interest. The use of these is covered by our website use terms and conditions which can be found here: Website Terms and Conditions
We will retain your information for as long as is required to meet the purpose of collection or as long as the law requires.
Information on retention periods can be requested from the Data Manager. You have a right to request West Midlands Fire Service stop processing your personal data. Where possible we will seek to comply with your request but we may need to hold or process information in connection with one or more of our functions. You would be informed of the outcome to your request and the rationale behind the decision.
We try to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive seriously. We encourage people to bring to our attention any instances where they think our collection, or use of, information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you are unhappy with the way that your personal data has been used or any other aspect of how we have processed your information, then please contact the Data Protection Officer. Contact details in 4. Data Protection Officer contact details
If you experience a problem with your complaint you have the right to lodge a complaint to the Information Commissioner.
You can find out more about your personal data rights at the Information Commissioner’s Office website.
Contact the Information Commissioner’s Office by visiting their website at www.ico.org.uk, telephoning 0303 123 1113 or writing to:
Information Commissioner’s Office