Organisational Privacy Policy

We have a range of documents and files available to the public on our website. The file Organisational Privacy Policy is below and you can download a copy, see any archive versions or view accessibility information.


Legal terms and policies

Reading time approx: 17 minutes
Published on 11 March 2022

1. Introduction

West Midlands Fire Service (WMFS) is committed to protecting your personal data and privacy. We use the term ‘privacy policy’ to describe all the privacy information that we make available to provide to people when we collect information about them. This privacy policy:

  • sets out the types of personal data that we collect and explains how and why we collect and use your personal data
  • explains when and why we will share personal data within West Midlands Fire Service and with other organisations; and
  • explains the rights and choices you have when it comes to any personal data we may collect.

The services we provide include;

  • emergency response – providing an emergency response to fires and other emergencies and eventualities and investigating fire and incidents
  • fire safety and protection
  • responding to telephone and written enquiries
  • delivering and managing our safety courses and youth activities
  • other safety services, including Safe and Well visits
  • recruitment, employment and staff development.

Changes and updates to our Privacy Policy

We take your privacy seriously and, to ensure that we continue to process your personal information in line with Article 5(1) of the UK GDPR (“Personal data shall be: (a) processed lawfully, fairly and in a transparent manner in relation to the data subject”), we may need to update and modify our Privacy Policy from time to time. This section outlines our commitment to keeping you informed about any changes and updates.

Please note that we regularly review and update our Privacy Policy to reflect changes in our data processing activities. These updates may be made without prior notice, so we encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and protect your information.

We will use reasonable means to notify you of any significant changes to this Privacy Policy such as email or a prominent notice on our website, and where possible and/or appropriate, before the changes take effect.

We are committed to keeping your personal information safe and being transparent about our data practices. If you have any questions or concerns about this Privacy Policy or its updates, please do not hesitate to contact us by the contact methods outlined in this policy

2. Personal Data

The types of personal data that we collect and how and why we collect and use your personal data

2.1. Our legal basis for processing

Our legal basis for processing your personal data will depend on the specific activity we are undertaking. Generally speaking, we process personal data for the reasons set out below. In only a very few situations will we ask for your consent for us to use your data as typically we have legal duties or powers then enable us to process personal data to undertake our functions as a fire and rescue service. It will, however, often be the case that you will be giving us personal information voluntarily and with your cooperation, but we will process that information on the basis of our duties and powers rather than because you have given your consent.

Our main processing conditions can be described as:

  • Contractual – we need the information for the performance of a contract we have with you or that you are preparing to enter into with us
  • Legal obligation – it is necessary to use the information for compliance with a legal obligation that we must comply with
  • Vital interests – we are gathering information as part of an operational incident where there is a risk to someone’s life
  • Public task – the information is necessary for us to carry out a task in the public interest or in the exercise of our functions a fire and rescue authority.

As a fire and rescue authority, we have many duties and powers that describe our core functions and give us legal powers to undertake those functions. Those functions include, for example;

  • Our core functions, as described in the Fire and Rescue Services Act 2004 (FRSA 2004), that require us to give fire safety advice and prevent fires from happening; enable us to respond to fires and to protect life and property; and to enable us to respond to road traffic accidents and other emergencies
  • A power to respond to other eventualities where there is a situation that may cause or is likely to cause someone to die, be injured or become ill; or that may harm to the environment (including the life and health of plants and animals)
  • Our powers to enforce and regulate fire safety law, such as the Regulatory Reform (Fire Safety) Order 2005.

We also have general powers (FRSA 2004, Section 5a) that enables us to do anything we consider appropriate for the purposes of the carrying-out of any of our functions or anything that is incidental to our functional purposes. This will include a power to collect, process and share personal and sensitive personal data so long as the processing is necessary for the purpose we are collecting it.

2.2. Services available to you

As a fire and rescue service we are required by law to deliver a number of services, these may require us to acquire and process personal data these are:

  • responding to fire and other emergencies
  • enforcing Fire Safety by carrying out audits and site-specific risk visits
  • providing Fire Safety advice
  • other services such as responding to requests and our work with young people.

We will only collect the information we require and it will only be used for the purpose that it has been collected for.

2.3. Employment

If you work or volunteer for us then we will use your personal data to manage your employment. Details of job applicants are destroyed 12 months after the post is filled.

We keep details of former employees and volunteers for 6 years after they have left.

2.4. Responding to fire and other emergencies

When you contact, us using the 999 emergency number we ask for personal and location information such as name, address, date of birth, gender, contact details, address and where you are calling us from. This information may be collected via telephone, email voice recording or via 999 eye system by a member of our fire control staff. Some information may be collected automatically by our incident management system, such as the telephone number you are calling from and the location

Information relating to emergency incidents is used under statutory powers to manage and record incidents and investigate if necessary. We may collect medical information to support the ambulance service in providing care to you. Your information may be passed to other organisations to help them in their emergency response.

We may use the information you have provided to contact you should we should we need to obtain further information from you about the incident you reported.

The information gathered is used to manage our performance, report to government and auditors and may be used for training purposes.
If a fire investigation has taken place the information could be shared with the police, health and safety executive or coroner.
We will pass your contact details to the manufacturers of white goods and to Trading Standards where they have been the cause of a fire. This is to enable them to investigate any possible fire risk.

Incident reports and fire investigation reports can be requested by those involved in incidents.

Reviews of voice recordings will only be done by Fire Control Management and will only be for appropriate and relevant purposes such as incident management, training or quality assurance.
Further details on how the government uses the information provided by us can be found on the government website at the following link –

2.5. Fire Safety audits and site-specific risk visits

2.5.1. Fire Safety Audits

The majority of the information we collect are during Fire Safety Audits on business premises and related actions are not personal information. The personal information we may collect will be related to the person responsible for the property. As a result of the audit, we may issue a prohibition or enforcement notice. These are available at the following link: Enforcement Register

We will ensure the confidentiality of commercially sensitive and security information available to us, such as premises plans. We will not share this information with others unless we are required to by law.

2.5.2. Site Specific Risk Visits

Site Specific risk visits enable West Midlands Fire Service to obtain risk information that could be used by operational personnel during an incident, premises that could pose a risk to firefighters during the course of an incident are identified and an assessment of risk is undertaken. This information may then be shared with other emergency services that may respond to an incident at that location. The majority of the information we collect is non-personalised information.

2.5.3 Responsible Person Property Portal 

In line with Regulatory Reform (Fire Safety) Order 2005 The owner(s) / Responsible Person(s) of residential buildings which are at least 18M tall or have at least 7 storeys, have a duty to send their local Fire Authority Building Plans and External Wall System information and inform us of faults with their lifts or firefighting facilities.

Details collected of the Responsible Person (s) include First Name, Last Name, Contact details (telephone number and email address), Company Details (Company name, address) and position held within the company.

The Responsible Person(s) will upload their information to a Business to Business gateway which will be stored securely within our digital systems. This information will be retained for the life time of the building.

We will not share this information with others unless required to by law. 

2.6. Providing Fire Safety advice

2.6.1. Safe and Well Visits

Under the Fire and Rescue Services Act 2004, West Midlands Fire Service has a duty to promote fire safety as one of its core functions. This is achieved by providing advice, education and community safety interventions to reduce the incidences of fires. We provide advice on fire safety in the home and this done during a Safe & Well visit. In order to do this, we collect information about you (including your name, date of birth, gender and ethnicity) and your risk and vulnerability to fire (including details about your property, lifestyle and health and wellbeing). We will use this to help you to reduce the risk of fire and to help you understand what you should do if a fire occurs. We may also use automated decision-making to prioritise visits for people at the highest risk, based on the answers you give us.

We recognise that the information we collect about you, particularly that about your health and wellbeing is more sensitive. We only collect the minimum amount that enables us to effectively assess all risk factors that might make you more vulnerable to fire and other incidents in your home. Our lawful basis to process and share this information is to undertake our public task as set out in the legislation referred to above.

The Equality Act 2010 places a duty on WMFS to serve all communities equally and to the highest standards in line with the Fire and Rescue Service Equality and Diversity Strategy. This is why we collect diversity information (including ethnic origin, gender, sexual orientation and disability status).

We work closely with other organisations who may be able to assist you further in reducing your risk and vulnerability to fire and provide help such as falls prevention or smoking cessation. If we consider it appropriate to share your information with our partner agencies we will tell you who we are sharing this information with and why.

If you were referred to us by another organisation with whom we have an information sharing or partnership agreement, we may make the outcomes of our visit available to them. This is for the purpose of enabling them to understand how best to assist you in reducing any outstanding risks.

West Midlands Fire Service is required by law to make contact with other agencies, usually relating to crime or where there is a serious risk to personal safety, abuse or neglect and we feel that making a safeguarding referral to Adult or Children’s Services is appropriate.

Any information that would indicate a risk to life or property that is collected during a Safe & Well visit may be used by operational personnel during an incident, helping to protect life and property.

The current standard retention is 6 years, but information may be kept by us for as long as it is needed to help prevent death or injury by fire.

We may use your information to contact you to request feedback on your experience in engaging with our services. This will help us to monitor and improve the quality of services and improve the service user experience. The option to opt out of this communication will be provided.

2.6.2. Fire Safety Training Courses

If you intend to book a fire safety training course run by us, then we will collect your personal details. We will only use your personal information to administer your account and to provide the products and services you have requested from us.

2.6.3. Oxygen cylinders

We receive names and addresses from Baywater HealthCare of those individuals who have an oxygen cylinder within their premises and have given consent for a home fire safety visit to be arranged.

Additionally, a full list of all premises that have oxygen cylinders is supplied by Baywater Health Care. As an oxygen cylinder would pose a risk to operational personnel responding to an incident. This risk information can be used by operational personnel during an incident.

2.6.4. NHS England

NHS England, the Royal College General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most.
To enable this to occur then the NHS may share your personal details with us to allow us to contact you to arrange a safe and Well Visit. Safe and Well visits have been developed to help meet local health-risk priorities and is proven to improve safety. If you require more information about how NHS England use and share your information, please click on the following link:

2.6.5. Mosaic Data

Mosaic data is provided to us by a commercial company that obtain the information from a variety of sources this information is used for preventative activities. If you require more information about Experian, please click on the following link:

2.7. Compliments, Comments and Complaints

2.7.1. Compliments and Comments

Information is obtained from/when members of the public engage with us and complete the necessary form or via telephone message. We do compile and publish statistics relating to the number and nature of compliments and comments received but not in a form that would identify any individual.

2.7.2. Complaints

Information obtained from/when members of the public engage with us and complete the necessary form or via telephone message.

This information is processed for the purpose of responding to or investigating your complaint. It is likely that some of this personal information will be provided to whoever the complaint is about. We will not begin to investigate your complaint unless we have your consent to do so.

We do compile and publish statistics relating to the number and nature of complaints received but not in a form that would identify any individual.

West Midlands Fire Service will retain comments and compliments for a period of two years and may use content that you have provided for auditing purposes and trend analysis.

We may also use anonymised content as part of promotional material such as community fire safety promotional messages.

Complaints will be retained for a period of three years for auditing purposes and trend analysis and will be securely destroyed after this period.

2.8. Stakeholder Management

WMFS use stakeholder management tools to help enhance engagements with key stakeholders and support our organisational decision-making. Data Subjects whose details we process using these tools, are predominantly those in roles where they would have a reasonable expectation that their details may be processed in this way. Reasonable effort will be made to confirm with stakeholders where their details will be added to such systems and processes are in place to ensure that individuals can exercise their information rights.

2.8.1. Other services

Other services that we provide that will require us to hold your personal information include:

  • running education/training programmes for young people
  • responding to telephone and written enquiries
  • business administration such as maintaining accounts and business records, managing contracts, services and running events
  • security including the use of CCTV systems and body-worn camera devices to keep our people and resources safe and to prevent and detect crime
  • legal services to comply with the law and to support local and national fraud initiatives
  • as part of our Integrated Risk Management Plan consultation.

2.9. Managing and improving our website experience

There are three ways in which we collect private information via our website:

  • Online forms
  • Cookies
  • Purchasing of services or licences

When you submit information to us via our website, such as participating in an online survey, completing a form, requesting a service or submitting a Freedom of Information request, we may receive personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number, depending on the activity. By submitting your details, you enable West Midlands Fire Service to provide you with the services, activities or online content which you require.

Third-party plugins and software, such as YouTube, Stripe (payments) and other services run on our website to provide the best experience and to facilitate services. For details of what we use and how it affects you, see our Website Privacy Policy

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

To improve user experience our website is hosted by Brixly UK and appropriate safeguards and assurance have been provided concerning the processing of your personal data – see their website for details:

2.9.1 How we use cookies

We use cookies and similar technologies on our Websites to improve your customer experience. For more information on what cookies are used on our site and why please see our cookie policy

2.10 Media

West Midlands Fire Service (WMFS) uses photography and video to educate and inform staff and communities, to recruit staff and to promote the wide range of work we are involved in.

For the purposes of this section ‘media’ is defined as any photographic images or videographic footage obtained by West Midlands Fire Service, its staff, or volunteers on its behalf.

This may include advertising, promotion, marketing and safety campaigns. We hold this media for a maximum of two years, on our secure intranet system, and may use this media on all, but not limited to, the following channels

  • our staff Intranet site,
  • public-facing websites,
  • YouTube,
  • social media,
  • educational videos,
  • leaflets,
  • publications,
  • press releases.

We will gain consent from you to process your media for these purposes. Where media contain children or young people, we are also required to seek the permission of parents or carers before capturing, sorting or using these media.

All media will be stored in accordance with WMFS’s Management of Information Policy. They will be kept for 2 years, along with the signed consent form.

All rights to the media belong to WMFS. Media may be cropped or modified for quality or combined with other media, text and graphics.

Your participation is voluntary and our lawful basis for processing this data is consent. If you do agree to take part but change your mind at a later date, you have the right to withdraw your consent at any time under Article 17 of the General Data Protection Regulations (GDPR). You can do this by getting in touch with our Corporate Communications Team via email, phone or social media, or by contacting our Data Protection Officer via the details provided below.

2.11 Social media accounts

West Midlands Fire Service has several social media accounts.

As is the case in many large organisations, we use a social media management platform to schedule and manage our own content, and to help evaluate its reach.

We use the same platform to monitor social media and to engage with and respond to members of our communities, our partners, staff and others.

Content of interest is shared as appropriate within the service.

Where content is identified that may require investigation, for example, a complaint, offensive content, or content which may be critical of, or potentially damaging to or defamatory of WMFS or an individual, we have a legitimate interest to process this data. This means that we may need to capture the content posted in the public domain, keep an accurate record of it and investigate the content further.

Images from social media will be retained as long as necessary in line with the purpose they were collated for, once this purpose is fulfilled, they will be deleted.

3. Sharing your information with other organisations

When and why we will share personal data within West Midlands Fire Service and with other organisations.

We may share personal data with other organisations in the following circumstances:

3.1. Legal Reasons

We may have to share your personal data for legal reasons, for example:

  • for the detection, prevention and prosecution of crime or the apprehension of offenders;
  • in report to some organisations including Central Government, Auditors and Crime and disorder partners
  • To protect the public funds we administer, we may share information for auditing or administration to prevent and detect fraud as part of the Audit Commissions anti-fraud initiative.

3.2. Promotion of Social Wellbeing

Where we conclude that action may need to be taken to safeguard the communities we serve your personal and /or sensitive data may be shared between different agencies. However, where information is shared we will tell you who we are sharing this information with and why. We often work with partners such as;

  • Birmingham, Coventry, Dudley, Sandwell, Solihull, Walsall and Wolverhampton Councils
  • smoking cessation groups
  • falls prevention or support groups,
  • winter warmth groups.

If we believe someone is at serious risk, then West Midlands Fire Service is required by law to make contact with other agencies. We will make sure that we record the information we share and the reason for doing so.

Where possible your information will be anonymised to remove as much detail as possible leaving only key elements to enable us, and our partners, to target resources to you and it will be transferred securely.

4. Rights and Choices you have when it comes to any personal data we may collect.

West Midlands Fire Service is committed to ensuring that the personal and sensitive information it holds about individuals is accurate, up to date, used only for the purpose intended and securely protected from inappropriate access.
West Midlands Fire Service is committed to ensuring that individuals can exercise their rights including the right of access, rectification or erasure and the right to restrict processing, to data portability and to object as well as rights concerning automated decision making and profiling.

4.1. Accessing your information

Under the Data Protection Act 2018, you have the right to see the personal data we hold about you. This is called a Subject Access Request.

4.2. Data Rectification

We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them. This is called data rectification. A request for data rectification should indicate which data is being referred to and the correction to be made and should include documentary proof that the amendment is necessary.

4.3. Data Erasure

You can request that the personal information that we hold about you is erased. This is also known as ‘the right to be forgotten’. However, in some cases we may not be able to erase your information in this case we will inform you of the reasons for this.

All requests to access, rectify or erase personal data should be sent to the Data Manager.

To exercise your right to restrict processing, to data portability, to object to processing and in relation to automated decision making and profiling then please contact the Data Manager.

4.4. Proof of Identity

To ensure that personal data does not fall into the wrong hands West Midlands Fire Service needs to be satisfied with the requester’s identity. Consequently, on receipt of a request, you will be asked to provide evidence of your identity and address.

If you would like to exercise any of your data rights, you should contact the Data Protection Officer
using the details below or complete the data protection request form.

5. Data Protection Officer contact details

Email –

Write –
Data Manager
99 Vauxhall Road
B7 4HW

6. How we will protect your information

We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep your information safe. We only authorise access to employees who need it to carry out their job responsibilities.
We may occasionally ask for proof of identity before we share your personal data with you.
We have a Staff Code of Conduct and Information Security and Handling policy that staff adhere to.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

7. Links to other websites

Our website may contain links to other websites of interest. The use of these is covered by our website use terms and conditions which can be found here: Website Terms and Conditions

8. How long do you keep your data for?

We will retain your information for as long as is required to meet the purpose of collection or as long as the law requires.

Information on retention periods can be requested from the Data Manager. You have a right to request West Midlands Fire Service stop processing your personal data. Where possible we will seek to comply with your request but we may need to hold or process information in connection with one or more of our functions. You would be informed of the outcome to your request and the rationale behind the decision.

9. If you have a Concern

We try to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive seriously. We encourage people to bring to our attention any instances where they think our collection, or use of, information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

If you are unhappy with the way that your personal data has been used or any other aspect of how we have processed your information, then please contact the Data Protection Officer. Contact details in 4. Data Protection Officer contact details

If you experience a problem with your complaint you have the right to lodge a complaint to the Information Commissioner.

You can find out more about your personal data rights at the Information Commissioner’s Office website.

Contact the Information Commissioner’s Office by visiting their website at, telephoning 0303 123 1113 or writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane