Last updated 11/03/2022
We are West Midlands Fire Service (“company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regards to your personal information, please contact us at firstname.lastname@example.org.
In summary: We collect personal information that you provide to us such as name, address, contact information, passwords and security data, and payment information.
We collect personal information that you voluntarily provide to us when expressing an interest in obtaining information about us or our products and services when participating in activities on the Sites or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Sites, the choices you make and the products and features you use. The personal information we collect can include the following:
Name and Contact Data. We collect your first and last name, email address, postal address, telephone number, and other similar contact data.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Payment Data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (a credit/debit card number), and the security code or expiry information associated with your payment instrument. All payment data is stored by our payment processor and you should review its privacy policies and contact the payment processor directly to respond to your questions.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
In summary: Some information – such as IP address and/or browser and device characteristics – is collected automatically when you visit our Sites.
We automatically collect certain information when you visit, use or navigate the Sites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites and other technical information. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
Information collected from other sources
In summary: We may collect limited data from public databases, marketing partners, and other outside sources.
We may obtain information about you from other sources, such as public databases, joint marketing partners, as well as from other third parties. Examples of the information we receive from other sources include social media profile information; marketing leads and search results and links, including paid listings (such as sponsored links).
In summary: We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your information are
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com
(b) We have a contractual obligation.
(c) We have a legal obligation.
Not all of the above will apply to you. We use the personal information collected via our Sites for a variety of business purposes described, aligned to the above lawful basis and we’ve outlined some example specific business reasons below.
We use the information we collect or receive:
To facilitate account creation and logon process. If you choose to link your account with us to a third party account *(such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process.
To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time by emailing firstname.lastname@example.org.
To send administrative information to you. We may use your personal information to send you information about a product, service and new feature information and/or information about changes to our terms, conditions, and policies.
To provide, or aid in the provision of, goods or services to you or a company you represent as is required by a request you’ve made or contract/agreement we have with you.
Request Feedback. We may use your information to request feedback and to contact you about your use of our Sites.
To enforce our terms, conditions and policies.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites, products, services, marketing and your experience.
In summary: We only share information with your consent, to comply with laws, to protect your rights, or to fulfil business obligations.
We may process or share data based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
Vendors, Consultants and Other Third-Party Service Providers.
We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf. Examples include payment processing, data analysis, email delivery, booking systems, hosting services, customer service and marketing or software to enhance our website or similar services. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
In summary: We only share information with the following third parties.
We only share and disclose your information with the following third parties. We have categorised each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us.
Invoice and Billing
Web and Mobile Analytics
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
In summary: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, the transmission of personal information to and from our Sites is at your own risk. You should only access the services within a secure environment.
In summary: We do not knowingly collect data from or market to children under 18 years of age. All mindfulness services provided for or related to children or schools are done so only with the express permission of the appropriate parent, guardian or educational establishment.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Sites, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Sites. If we learn that personal information from users less than 18 years of age has been collected that has not been provided by a consenting parent or guardian, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at email@example.com.
In summary: Our company is based in England so we work under UK law. This means we collect and process data in accordance with the EU General Data Protection Regulation and UK Data Protection Act 2018. This gives you various rights around the data outlined below.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
In summary: Yes, we will update this policy as necessary to stay compliant with relevant laws or due to changes in which we process information.
Contact us with your complaint:
If you have questions, comments or complaints about this policy or how we’ve handled your data, you may contact West Midlands Fire Service, by email at email@example.com, by phone at 03300 589000, or by post to:
West Midlands Fire Service
Take it further
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk