Subject Access Requests
During the coronavirus pandemic, Northamptonshire Fire and Rescue Service will continue to receive and respond to information requests as best we can. This may take longer than one calendar month to supply the information but we will communicate this with each requester.
The handling of these types of requests are understandably not a priority for the Service during this critical time. This is supported by the Information Commissioner’s Office (ICO) who have advised the public to expect possible delays to any Freedom Of Information (FOI) or Environmental Information Regulation (EIR) requests made to a public body as we divert our resources to help with the crisis affecting the country. We will endeavour to respond within 20 workings days where we can and will communicate any delays accordingly.
We apologise for the inconvenience this may cause and thank you for your understanding.
Northamptonshire Fire and Rescue Service “hereafter referred to as “NFRS” is committed to protecting your personal data when you use our services. This privacy notice explains how the Service uses information about you and how we protect your privacy. The processing of personal data is governed by the General Data Protection Regulation 2016 (the “GDPR”).
The data we may collect about you
To deliver our services effectively, we may need to collect and process personal data about you. Personal data refers to any information with which a living individual can be identified. Individual identification can be by the information alone or in conjunction with other information in the possession of the ‘The Authority’.
Types of personal data
- Individual details : Name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment and training history, family details including their relationship to you, it can be any combination of the data above that can identify a living individual
- Special categories of personal data: Certain categories of personal data have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric or data concerning sex life or sexual orientation.
Why we collect your personal information
We process personal information to enable us to undertake prevention, protection and emergency services to the communities that we serve. Personal data can be collected particularly for firefighting and emergency services which includes managing responses to fire, incidents and traffic accidents, maintaining our own records and accounts including the management of fire service assets. To summarise the reasons why we collect personal data include:
- managing responses to fire
- incidents and traffic accidents
- Fire Prevention, (awareness, advice and guidance)
- Fire investigation
- Carrying out home safety visits for employment and staff training purposes
- Checking the quality and effectiveness of our services
- Investigating any concerns or complaints about our services
- Research and planning of new services
- Emergency contact information
- Agreements you may have with the fire and rescue service
We also process personal information using a CCTV system to monitor and collect visual images for the purpose of security and the prevention and detection of crime.
NFRS as part of the national framework and are required to forward statistical information to government agencies but this data has no personal or identifiable individual data within the information provided.
Where might we collect your personal data from?
- Your family members, employer or representative
- Other public bodies such as the police, ambulance service, local councils and the NHS
- Other organisations such as companies who you have given permission to share your information for security or key holding purposes
Legal basis for processing your personal data.
- We have the right to process your personal data if at least one of the following applies:
- Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire and Rescue Services Act 2004
- Explicit consent is required for carrying out incidental activities that help us in carrying out our public duty of improving, protecting and saving lives
- Processing is necessary for collaborating with public organisations such as the police and ambulance service in undertaking public safety functions.
- For recruitment, employment, social security purposes or a collective agreement
- Processing is carried out by a non-profit body with a political, philosophical, religious or trade union aim provided:
- processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- There is no disclosure to a third party without consent.
How do we keep your information secure?
We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we hold about you. These include:
- Secure work areas
- Information security awareness for our staff
- Access controls on all systems
- Encryption of personal data
- Testing, assessing and evaluating the effectiveness of technical security controls
Who will we share your personal information with?
We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or an information sharing agreement in place to ensure that the requirements of the GDPR on handling personal data are met. We may share your personal information with third parties that are commissioned to train our staff or volunteers.
Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the police, the NHS or social services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are:
- For the investigation, detection and prevention of crime or if we are required to do so by law
- Helping the police and relevant authorities to identify trends and issues relating to fires
- If there are serious risks to the public, our staff or other professionals
- To protect children or vulnerable adults
Where necessary or legally required we share information with:
- family, associates and representatives of the person whose personal data we are processing
- current, past or prospective employers
- suppliers and service provider
- public utilities
- insurance companies
- legal advisers
- healthcare and welfare organisations
- persons making an enquiry or complaint
- police forces
- security organisations
- local and central government
- press and the media
- law enforcement and prosecuting authorities
- public utilities
- insurance companies
- educational establishments
- financial organisations
- educators and examining bodies
- trade unions and staff associations
- credit reference agencies
- debt collection and tracing agencies
- Coroner’s Office
How can you access the information we hold about you?
You have the right to request all the information we hold about you when we receive a request from you in writing this we will refer to a subject access request.
- We would normally give you access to everything we have recorded about you.
- We will respond to your request within a calendar month, initially by requesting evidence of who you say you are is verified.
- Once confirmed we will provide either all the information or advice you that the information one has requested may take longer (for this purpose we can request a further 40 days to comply.
- Once the data is ready we will confirm the secure way for access.
This applies to paper and electronic records. However, we will not share any parts of your details which contain:
- Confidential information about other people or
- If it is in the interest of public safety and security to withhold that information from you.
Your rights and your personal data
Subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the “NFRS” holds about you;
- The right to request that the “NFRS” corrects any personal information if it is found to be inaccurate or out of date;
- The right to erasure of your personal data where it is no longer necessary for the “NFRS” to retain such data;
- The right to withdraw consent to the processing of your data at any time;
- The right to request that the “NFRS” to transmit your data another organisation where applicable.
- Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction is placed on further processing;
- The right to object to the processing of personal data where applicable. However, as the “NFRS” will mainly be processing data based on the performance of a statutory duty in the public interest, there are limits to this right.
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Of you would like to speak to us regarding a Subject Access Request please contact our Service Information Team on email@example.com or 01604 797000.
Please address your enquiry to our Data Protection Officer, who is the Service Information Manager.
Any complaints will be addressed by the NFRS Service Information Manager and could be escalated to the Chief Fire Officer. If you do not get appropriate response to your query/complaint you can contact the Information Commissioners Office at ico.org.uk, Tel: 0303 123 1113 or via email firstname.lastname@example.org, https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
There are two ways in which we collect private information via our website:
- Online and downloadable forms
There are a number of forms on our website:
- Online forms
- Online surveys
- Downloadable forms
These forms allow users to contact us without the need to send an email. Our website is secured and the information sent via an online form is encrypted and stored securely.
Cookies for online users
To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. They improve things by:
- Remembering settings, so you do not have to keep re-entering them whenever you visit a new page
- Remembering information you have given so you do not need to keep remembering it
- Measuring how you use the website so we can make sure it meets your needs
By using our website, you agree that we can place these types of cookies on your device. Cookies are not used to identify you personally. They are just here to make the site work better for you. You can manage and/or delete these small files as you wish.
The Information Commissioner’s Office (ICO) provides help and advice on this and suggests another website, www.allaboutCookies.org which has more information about Cookies, how they are used and how they can be managed.
There is a lot of information available but it all boils down to:
Cookies are not:
- Used for intrusive spying
However Cookies are:
- Simple text files – anyone can view their contents using a text editor or word processor
- Designed to make using websites easier
So how do Cookies work?
Then, whenever you visit that website your computer will check to see if it has any of its Cookies. If it does, the Cookie’s information is sent back to the website.
The website then ‘knows’ that you have been there before and ‘remembers’ how you like to use it.
(You will notice this in action if you visit a website that displays something like “Hello XXXXXX, welcome back”.)
Cookies are used in a huge number of ways but generally they might record:
- How long you spend on each page on a site
- The links you click
- Your preferences for page layouts and colour schemes
They are often used for online shopping and most shopping websites would be much more difficult to use without Cookies.
If you choose not to allow Cookies some websites will not look so good or work so well. You may find that menus stop working and that you can’t easily move around the site.
You should have no worries about security when using Cookies as there is no personal information stored in them.
You can block the use of all Cookies and then allow their use for websites that you select.
Each browser goes about this slightly differently and you should check out your browser’s options.
To find out more about Cookies, including how to see what Cookies have been set and how to manage and delete them, visit www.allaboutCookies.org
Please note that we are unable to give advice on the use of browser specific settings.
The Cookies in use at any given time will depend on the features that are currently in use.
Cookies set by other websites
You will find a number of YouTube videos embedded across our website.
To do this we use YouTube’s privacy-enhanced mode which may set Cookies on your computer when you click on a YouTube video.
However, YouTube will not store personally-identifiable Cookie information for playbacks of embedded videos.
How long do we keep your personal data for?
We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements.
You may ask to have your personal details removed by contacting:
Park Farm Industrial Estate