CFB Privacy Policy

Cleveland Fire Brigade, a Registered Data Controller (Registration Number: Z4782924) on behalf of Cleveland Fire Authority, are committed to protecting your personal data and privacy. We recognise that ensuring the accuracy and security of your personal data is essential to retaining your confidence and trust. The information you provide to us will only be used for the purposes that you provide it and will never be used for third party marketing.

This Privacy Policy explains how we collect, use and protect your personal details.

Why do we collect your information?

We collect your personal information to allow us to carry out the various business functions such as;

  • Responding to 999 calls, Fire Fighting, Road Traffic Collisions and Other Emergencies
  • Completing home and business risk assessments
  • Fitting smoke alarms
  • Identifying those at greater risk of fire and providing practical fire safety advice
  • Running education / training programmes for young people
  • Responding to telephone and written enquiries.
  • Information about Employees

We also collect personal information you volunteer to give us, when completing job applications, information requests, consultations and community engagement exercises.

How will we use the information about you?

How we use your information depends on which of our services you have used. We have to hold the details of people who have requested a ‘service’ from us in order to provide them with that service and for other closely related, legitimate purposes.

Sharing your information

We have a responsibility to promote social wellbeing. To do this we work with key agencies / partners engaged in work related to community safety and wellbeing. Under these arrangements we have a duty to share or receive information where we think that action may need to be taken to safeguard the communities we serve.

However, in almost all cases where information is shared, we will have obtained your consent to share. The exception where we may share without asking you is; if we have a legal duty or power to share information with other statutory bodies.

Decisions will be made on a case by case basis.

How do we keep this information secure?

All information collected and held, is securely stored on servers located on Cleveland Fire Brigade’s network and access is given on a role requirement basis. We have robust policies and procedures that staff adhere to. All staff receive data protection training, refreshed annually.

Your Rights

The Data Protection Act / GDPR gives you a number of rights relating to your data. These rights include being able to request a copy of the information we hold about you.

If you would like a copy of some or all of your personal information, please email or write to us using the details contained in ‘How to contact us’ section of this document.

You may ask us to correct or remove information you think is inaccurate.

You can find out more about your personal data rights at the Information commissioner’s Office website. The Information Commissioner is an independent regulatory body protecting individual data rights.

Requesting Access to personal information

Individuals can find out if we hold any personal information by making a Subject Access Request

If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form.

Visitors to our website

Our website automatically blocks cookies, unless you allow them. These cookies collect standard internet log information and details of visitor behaviour patterns. We collect this information in a way which does not identify anyone and we do not make any attempt to find out the identities of those visiting our websites.

Other websites

Our website contains links to other websites. This privacy policy only applies to Cleveland Fire Brigade’s website, so when you link to other websites you should read their own privacy policies.

Complaints

We encourage people to bring to our attention any instances where they think our collection, or use of, information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. A copy of our Complaints Policy can be found here.

Changes to our Privacy Policy

We keep our Privacy Policy under regular review and we will place any updates on this webpage. This Privacy Policy was last updated in April 2018.

How to contact us

Please contact us if you have any questions about our Privacy Policy or information we hold about you. We can be contacted using the details below:

Data Protection Officer ICT Department

Cleveland Fire Brigade Headquarters Training and Administration Hub Endeavour House

Queens Meadow Business Park Hartlepool

TS25 5TH

Email: info@clevelandfire.gov.uk

Policy Details:

Responding to 999 Calls, Fire Fighting, Road Traffic Collisions and Other Emergencies:

What Information do we collect?

The personal information we are likely to collect during a 999 call or at an incident include;

  • Caller’s telephone number and name where required
  • The address of the incident, which may be the address of your property
  • Injured parties name, injuries, details of any medical support given, age and gender

We may need to collect and use sensitive information, such as health details, where this is necessary to meet our obligations.

All calls that are made in and out of our control room are recorded, including 999 calls.

They are recorded so that they can be played back if clarification is needed and are sometimes used as evidence in court cases. No warning is given that the calls are recorded at the time of making the call as this would obviously cause delay in an emergency situation.

Purpose of Processing

Cleveland Fire Brigade have a statutory duty to extinguish fires and protect life and property in the event of fire and road traffic collisions. We also have a responsibility, where necessary, to attend emergencies other than fires and road traffic collisions.

In order to make arrangements to respond to an incident we are required to obtain certain information. At the incident, we will also collect details of injured parties. We may collect medical information to support the ambulance service in providing care to you, in order to protect your vital interests.

Lawful Basis for Processing

It is a legal obligation under the Fire & Rescue Services Act 2004, for us to make arrangements for dealing with emergency calls for help and summoning personnel. If we did not collect and use this information, we would not be able to effectively provide an emergency response.

How We Use This Data

When you call 999 we collect and use your details and information regarding the incident to assist with our duty to protect and preserve life and deal with incidents that cause or likely to cause harm to the environment. At the incident, we will collect details of injured parties.

Information regarding the incident is shared with operational crews to help assist with deployment and their response. Verbal and electronic messages will continuously be relayed between operational crews and control to ensure an effective response to the incident is provided.

During a response to an incident, information may be passed to partner agencies who are also attending, such as other emergency services.

We also have powers to investigate causes of fires, and any information gathered during the emergency call could be used during the investigation.

Retention of Data

How long we retain the information depends on the purpose it was collected for. We keep:

  • Call recordings for current year plus five years.
  • Incident data on the mobilising system for current year plus ten years.
  • The information on the Incident Recording System is held indefinitely allowing the Home Office analysts to perform useful longer term trend analysis into the drivers of change.

Completing Business Risk Assessments:

Purpose of Processing

Fire Safety Audits:

Under the Regulatory Reform (Fire Safety) Order 2005, the responsible person must carry out a fire safety risk assessment and implement and maintain a fire safety management plan.

We have a statutory duty to enforce the requirements of the Order and one of the ways we do this is to carry out fire safety inspection work in non-domestic buildings. That work will entail identifying and working with the responsible person.

Once we have identified the responsible person, we will keep a record of their name, contact details and all correspondence and documentation completed for the purpose of the audit or managing a fire safety complaint we’ve received. We may also keep a record of any other person providing us with the information i.e. a manager.

Site Specific Risk Information:

The Fire & Rescue Services Act 2004, places a duty on a Fire Service to obtain and provide information as part of its provision to deal with fires and other emergencies. This information is used by operational personnel during an incident to provide an effective response as well as to safeguard them and the community.

This type of information is normally referred to as ‘risk information’, and to obtain it we identify premises that could pose a risk and undertake an assessment of those risks. During this process the personal information collected would be contact details so we have a point of contact.

Lawful Basis for Processing

The Regulatory Reform (Fire Safety) Order 2005 gives us the authority to go into non-domestic buildings to check the fire safety provisions and procedures.

The Fire & Rescue Services Act 2004, places a duty on a Fire Service to obtain and provide information as part of its provision to deal with fires and other emergencies.

How We Use This Data

Fire Safety Audits

If we consider that the responsible person has failed to comply with any provision of the Regulatory Reform Order, we may consider taking further action. If a fire risk is present, depending on how severe the fire risk is, we can take enforcement action to ensure that the fault is corrected and the risk is eliminated. In certain circumstances we will investigate and prosecute for fire safety failings. Relevant details about the responsible person and (possibly employees) may be gathered from other agencies as part of the investigation process.

Site Specific Risk Information:

Site Specific Risk Information, is used by operational personnel during an incident to provide an effective response as well as to safeguard them and the community. The non-personal information collected helps us during an incident, and would include items such as type and construction of any buildings, occupancy rates, additional hazard details such as type and volume of chemicals or cylinders stored on the site, access and egress routes for fire service vehicles. If classified as a heritage risk, then information can be collected on artefacts to be salvaged. These would only be included with the owner’s consent.

Retention of Data

Fire Safety Audit information is kept for 10 years and then reviewed for destruction. Site Specific Risk Information is kept until superseded.

Fitting Smoke Alarms:

Purpose of Processing

The information we collect is needed to enable us to visit you (e.g. your address) and to then carry out the purpose of the visit (providing advice).

The visit takes place, upon request, and the information that is collected is used by us is to provide the requested service.

Lawful Basis for Processing

To meet our obligations under the Fire and Rescue Services Act 2004. These obligations include promoting fire safety, reducing yours and others risks from fire, providing advice on actions to take in the event of a fire and safeguarding our community by improving yours and others safety.

How We Use This Data

We use your name and contact details to arrange the visit. Where you have completed a pre-visit questionnaire, this information is used to determine the priority of the visit.

During the visit we will ask fire safety related questions

We will make a record of your responses, and document anything we’ve seen that relates to the questions and the purpose of the visit.

The information we collect during the visit will be used;

  • To provide appropriate services to protect your safety or the safety of others.
  • To record and evaluate outcomes of the activities the Fire Service have provided into our internal database,
  • For statistical purposes to analyse activity, identify any trends and provide anonymised statistics to the Home Office on the total amount of visits that have been undertaken.

Retention of Data

A record of the visit and fire safety information will be kept for ten years.

If we aware of a change of householder, the previous householder information will be deleted.

Identifying Those at Risk and Providing Practical Fire Safety Advice:

Purpose of Processing

Cleveland Fire Brigade works in partnerships with local agencies to promote health and wellbeing. The Safe and Well Visit is part of a joined up programme with health partners across Teesside to keep residents safe and well in their homes.

Lawful Basis for Processing

Cleveland Fire Brigade works in partnership with Local Health Providers and will use your data to promote and protect your health and wellbeing. The Care Act 2014 makes provision for Co-operation between agencies and the passing of necessary data in order to protect your interests.

How We Use This Data

We use your name and contact details to arrange the visit. Where you have completed a pre-visit questionnaire, this information is used to determine the priority of the visit.

The Safe and Well visit includes questions and observations around;

  • Smoking
  • Slips, trips and falls
  • Wellbeing
  • Loneliness
  • Deaf alarm requirements

This helps us assess risk and provide the necessary advice and support. We will make a record of your responses, and document anything we’ve seen that relates to the questions and the purpose of the visit.

We will also keep a record of referrals made and the reasons why. The information we collect during the visit will be used;

  • To provide appropriate services to protect your safety or the safety of others.
  • To record and evaluate outcomes of the activities the Fire Service have provided into our internal database, including any referral information
  • For statistical purposes to analyse activity, identify any trends and provide anonymised statistics to the Home Office on the total amount of visits that have been undertaken.

If we make a referral your information will be shared. Protecting your personal information is vital to us, so appropriate security measures are in place to ensure it is shared securely and we only share what’s necessary to meet the purpose of the referral. In the majority of cases we will not disclose (pass on) your personal information without your agreement and you will be informed at the time of the referral.

There are occasions where your personal information can be shared without your consent; if we have a legal duty or power to share information with other statutory bodies when the public good is considered to be of greater importance than personal confidentiality.

Decisions will be made on a case by case basis.

Retention of Data

Responses to safe and well visits are kept for up to three years.

Running Education / Training Programmes for Young People:

Purpose of Processing

As part of the Youth Employment Initiative, Cleveland Fire Brigade runs various programmes to engage with and support young people in the area.

In order to facilitate this, we need to collect and process personal data for the programme members. We also work closely with referral agencies to compile a comprehensive portrait of the student.

Lawful Basis for Processing

When someone joins the programme, we collect and process the data in order to deliver the programme that best meets their needs. Data is collected by signed consent as part of a contract.

How We Use This Data

The following data is collected:

  • Name / Address
  • Individual Personal Circumstances
  • Criminal Convictions / Community Order
  • Course attendance / outcomes
  • Completed work for course evaluation / assessment

This data is used to provide evidence of attendance, qualifications, achievements and progress during the programme.

It can be shared with the referring agency (if any) with the consent of the individual participant.

Retention of Data

This data is retained for three years following completion of the programme. Data that refers to criminal convictions/community orders are only kept for the duration of the course as this is a risk factor for staff working with the students.

Responding to Telephone and Written Enquiries:

When you contact Cleveland Fire Brigade we may collect certain information as provided by you, depending on the nature of your enquiry. This will be kept to the minimum necessary in order for us to respond to your enquiry.

Purpose of Processing

In order for Cleveland Fire Brigade to respond effectively to your enquiry we may need to collect some basic information about you. This may include:

  • Your Name
  • A means of contacting you (Telephone, e-mail or postal address)
  • The nature of your enquiry

This information allows us to process your request and deliver an appropriate response.

Lawful Basis for Processing

By presenting us with the contact details, you are consenting to Cleveland Fire Brigade using them for the specific purpose of processing and responding to your enquiry.

How We Use This Data

This data will be passed to the most appropriate person to deal with your enquiry and they will use it to direct their response back to you.

Your personal data will not be passed to anyone outside Cleveland Fire Brigade without your consent.

Retention of Data

Most data of this nature is retained for the lifetime of the contact and then destroyed. Where a formal response is required we keep the data for a year, archive it for a further year and then delete it.

Information about Employees:

As an employer, Cleveland Fire Brigade is required to record a range of information to ensure that it meets legal and contractual obligations.

Current employees can access the employee privacy policy on the Brigade Intranet (FiSH).

Pension Information

Non-operational staff are members of the Local Government Pension Scheme and will need to contact their pension provider directly.

Operational staff should read the specific Privacy Notice here.

Purpose of Processing

In order to manage the contract between the employee and Cleveland Fire Brigade it is necessary to collect and process a range of personal information:

Lawful Basis for Processing

The processing is necessary for the contractual obligations of both parties.

How We Use This Data

Once you have left the Brigade, the data is archived for the statutory periods.

Retention of Data

All HR information is retained for 6 years after the end of your employment, apart from the exceptions below:

  • Occupational Health Data – 40 Years from date of last entry
  • Medical Data – 40 Years from date of last entry
  • Medical Data relating to Ionising Radiation – 50 Years