Privacy

Avon Fire Authority (operationally known as Avon Fire & Rescue Service ‘AF&RS’) is a Data Controller, as we determine the purposes for how we collect and use your personal information so we can carry out our public duties. To we comply with the UK General Data Protection Regulation (UK-GDPR) we have a Data Protection Officer, whose contact details are: 

Lucy Jefferies – Data Protection Officer 
Avon Fire and Rescue Service 
Police and Fire Headquarters 
PO Box 37 
Valley Road 
Portishead 
Bristol 
BS20 8JJ 

Email: [email protected]  
Phone: 0117 926 2061 

We (AF&RS) collect, process and hold personal information about you to provide public services associated with that of a Fire & Rescue Service and as an employer. This Privacy Notice explains how we use and share your information. Information about you may be collected on paper, online, by telephone, email, by a member of our staff, or one of our partners, or images captured on CCTV. 

We will continually review and update this Privacy Notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. 

Why do we collect information about you? 

We need to collect and hold information about you to: 

How we keep it safe 

Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions.  The information you provide will be subject to rigorous physical, electronic and administrative security measures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it and to protect against unlawful processing, accidental loss, destruction and damage both online and offline. 

We have a collection of policies and procedures, including Data Protection and Information Security policies which define our commitment and responsibilities to your privacy. We provide training to staff that handle personal information and treat it as a disciplinary matter if they misuse or do not look after your personal information properly.  

We will not keep your information longer than it is needed or where the law states how long this should be kept.  We will dispose of paper records or delete any electronic personal information in a secure way. 

The information you provide to us will be held on a server in the United Kingdom and may be accessed by our staff, third parties (including our business partners), government bodies, law enforcement agencies and suppliers we engage to process data on our behalf or who act for us for the purpose set out in this statement. 

Privacy notices 

Why we collect and use this information 

The information we collect, hold and process is to enable us to perform our function as a Fire & Rescue Service and, as your employer, manage our relationship with you effectively, lawfully, and appropriately whether it is during the recruitment process, while you are working for us, when your employment ends, or after you have left the organisation.  

It enables us to comply with your Employment Contract (Statement of Particulars), any associated Schemes of Conditions of Service and negotiated terms, Service policies, any legal requirements (such as Employment Law, Health & Safety Law and Taxation), and to pursue our legitimate interests. 

We will try to process your personal data in line with your reasonable expectations, and ensure any processing is fair, lawful, and transparent, and is in line with Data Protection legislation. 

Types of data  

The personal data we collect, process, hold, and share include information about members of our staff – former, current, temporary contracts, interns, anyone seconded to us, or anyone on our payroll.   

Personal data can be held in electronic, paper, or any other accessible format (documents, emails, forms, images, voice recordings, etc.). 

This means we hold information about you to manage the employment relationship, including your name, your contact details, employment history and references, your CV/job application, any health & welfare information (for occupational health purposes), any equalities information you may have provided, payroll and pensions data, training requirements, letters and correspondence about your employment, and your absence and leave records. 

Your name or some of these other details may also appear on Fire Service reports, lists, registers, papers, and systems when referring to your actions as an employee. 

How we collect it

Most of the information we hold has been provided by you, with the rest generated by internal processes such as your line management. We may in some cases also hold information from external sources, e.g., your references or the results of your security check. 

Our IT Acceptable Use Policy and other related Service policies mean we may audit your IT activity and transactions for Information Communications Technology (ICT) infrastructure, network, and information security purposes, so we may hold your information in emails or documents you’ve written or saved. 

More detailed examples of the reasons why we collect and use your information  

  • to recruit and promote (including vetting and law enforcement checks); 
  • to administer and provide terms and conditions of employment, payroll and pension services, staff benefits and other staff schemes, the use of our facilities, and supporting Human Resources, Finance, Resource Planning and Learning & Development functions; 
  • to meet our statutory obligations e.g., Employment Law, Tax and National Insurance deductions, equalities monitoring, Health, Safety & Welfare (HSW), staff fitness and safeguarding reporting; 
  • to ensure you are fully trained and equipped to carry out your role; 
  • to manage your wellbeing (including health data) and security; 
  • to provide information about the workforce or individuals (e.g., Occupational Health reports, and other employment processes) to make management decisions and ensure the efficient running of AF&RS; 
  • to make any external reports we are required to do, such as reporting to central Government or other Authorities; 
  • to ensure Service policies are being adhered to and to support good governance; and 
  • to ensure Business Continuity processes are effective. 

Civil Contingency planning 

We may process your personal data for contingency planning purposes, but only when it is fair and reasonable so that we can perform our public task duties as a Fire & Rescue Service, to fulfil our duties under the Civil Contingencies Act 2004, to support our partners, and for public health reasons in times of crisis (such as the COVID-19 national pandemic).   

We will seek your consent and notify you when sharing your personal data with our partner agencies unless the law permits us to do so without notifying you. 

Our lawful basis 

To comply with the lawfulness of processing which is required under the UK General Data Protection Regulation (UK-GDPR), we ensure any processing meets at least one of the following criteria: 

  • With your consent, such as data that identifies you and your consent to use your personal mobile phone number and/or home address for a targeted SMS text messaging service, or for the provision and processing of equality monitoring information.  
  • For the performance of a contract, such as your Contract of Employment/Statement of Particulars or the steps needed to enter a contract, to help us manage your employment and make sure both parties uphold their roles and the negotiated terms and Service policies. 
  • For compliance with a legal obligation (including common law and Statutory obligations) AF&RS is subject to, such as Employment Law, Health & Safety Law, Taxation, and other legislation we must comply with as your employer. 
  • To protect your vital interests if we need to get you emergency medical attention. 
  • For the performance of a task carried out by the Service in the public interest, for the exercise of our official authority vested in us as set out by UK law, such as to carry out our obligations under the Fire Services Act 2004 and other associated legislation. This covers the use of data for internal and external management reporting, financial modelling and planning, management of workforce data, the development of better staff retention, recruitment policies and insurance management. 
  • Where we or a third party may have a legitimate interest in the processing of your personal data (which does not fall under any of the other lawful processing conditions cited above). Where this is necessary, we will ensure your data rights are always considered. An example of this type of processing would be the collection of your vaccination information considering the recent COVID pandemic. 

Special Categories (sensitive) personal data  

Special Category personal data is afforded extra protection under the Data Protection legislation. When we process these types of data, there are additional criteria we need to meet.  The main ones within UK-GDPR which apply in an employment capacity are: 

  • when we have obtained your explicit and written consent; 
  • when it is necessary for carrying out our obligations under Employment Law 
  • for protecting your vital interests in an emergency if you were incapable of providing your consent; 
  • when it is necessary for us to establish or defend a legal claim; 
  • when processing is necessary for reasons of substantial public interest, which includes the work we do as a Fire & Rescue Service; and 
  • when it is necessary to retain data for archiving, statistical and historical purposes in the public interest, however, where practical we will anonymise the data. 

In addition to the above, when processing Special Category personal data, we ensure it also meets the conditions set out within the Data Protection Act 2018, which are similar to the above, there include: 

  • employment, health and research purposes; 
  • substantial public interest, such as for Statutory and Government purposes; 
  • equality and opportunity of treatment; 
  • preventing and detecting unlawful acts, protecting the public against dishonesty, and fraud; 
  • counselling; 
  • safeguarding; 
  • insurance; and 
  • occupational pensions.  

Health Data 

We may process your health and welfare information and may share it externally with our occupational health provider and other medical practitioners, to support your health and welfare, monitor sickness absence, and ensure you are physically competent to fulfil your role. 

There is some Special Category data we don’t collect, hold, or process – mainly any information relating to your political opinions, or your biometric and/or genetic data.  

Storing it 

Some of the following places are used to store information, subject our existing Information Security controls and policies: 

  • Personal Records File (PRF) 
  • Firewatch (integrated HR, RPU and Learning & Development system) 
  • MOST (employee maintenance of skills) 
  • E-Learning platforms 
  • Payroll system  
  • Pension system (administered by West Yorkshire Pension Fund)
  • Occupational Health Service Provider’s electronic system  
  • OSHENS (Wellworker Health, Safety & Welfare system) 
  • Return to work and attendance records 
  • Guide for Assessment (GFA) database (feedback booklet for operational internal promotions process) 
  • Personal Development Review system (ePDR) 
  • In house registers and spreadsheet trackers, for various processes such as long-term sickness, long term modified and pregnancy/maternity cases, discipline and grievance cases, and register of discipline outcomes 
  • CCTV, video, voice recordings, and photograph libraries 
  • Outlook email system  
  • Dedicated drives within the IT network, and IT systems managed by departments that routinely process personal data 
  • Employee contact and staff operational data (held by Service Control) 
  • Everbridge Critical Communications System, for automated SMS text messaging service 
  • AF&RS premises access control systems 
  • Driving licence verification providers and DVLA checks 
  • Disclosure & Barring Service (DBS) and providers of services  
  • Various Service approved IT platforms, such as staff internet, AF&RS main website, Microsoft Teams, and social media sites such as Workplace, Yammer, AF&RS Facebook and Twitter accounts 

Details of how long we keep information are in our Retention Schedule. 

Information sharing  

We will disclose your information to third parties if we are legally obliged to do so, or if we need to comply with our contractual duties to you, or if that third party is providing a service on our behalf e.g., payroll provision. 

If we have an agreement with a third party to process personal data on our behalf, they will have written instructions, be under a duty of confidentiality, and will be obliged to implement appropriate technical and organisational measures to ensure data security. 

Some of the organisations we may share your data: 

  • Payroll and pension providers 
  • Providers of staff benefit schemes 
  • IT helpdesk provision 
  • Legal advisors on employment matters 
  • DVLA and driving licence verification services 
  • Insurance providers 
  • His Majesty’s Revenue & Customs (HMRC) for tax purposes 
  • Auditors 
  • Government Departments (normally statistical and anonymised) 
  • Equalities monitoring organisations (normally statistical and anonymised) 
  • Avon & Somerset Constabulary / Police & Crime Commissioner within their capacity as landlord for our staff sited at HQ 
  • Police & Fraud Officers, National Fraud agencies (under our legal duty to ensure the protection and detection of crime) 
  • Statutory organisations (where we have a legal obligation to report certain events concerning employees, e.g., the Health & Safety Executive for RIDDOR adverse H&S events), 
  • Partner agencies for public sector collaborative working arrangements, and to fulfil our duties to deliver a Service to the public when attending emergency incidents, preventative fire safety and public welfare work, and training (i.e., working with the Police, Ambulance, local councils and agencies, other Fire & Rescue Services and local community organisations) 
  • Staff welfare providers 
  • Trade unions or other representative bodies if you have told us, you are a member 
  • Other providers of employee services, based on AF&RS duty to fulfil a public task or our legitimate business interests (i.e., providers of staff training, equipment and vehicles, workwear and PPE) 
  • Organisations acting on your behalf, such as solicitors or mortgage companies asking for confirmation of employment and salary details (they must provide a letter of authority and any other necessary documents before we will release any of your personal data to them). 

Your data rights 

Please refer to the your data rights section.   

Why we collect and use this information 

To ensure that we meet our statutory obligations for fire prevention under the Regulatory Reform Fire Safety Order (RRFSO) 2005 and Fire Services Act 2004 

Types of data 

Name and contact details for the following categories of data subject: 

  • responsible person of a business/commercial premises (on behalf of the business/organisation in question) 
  • landlord / property owner 
  • licensee held under various the Licencing legislation 
  • those subject to prosecutions under the Regulatory Reform Fire Safety Order (RRFSO) 2005 and Fire Services Act 2004 
  • members of staff that work on behalf of 3rd party organisations involved in the business fire safety process (such as councils, surveyors, architects, solicitors, law enforcement bodies and other agencies) 
  • members of the public that raise business fire safety concerns or who may contact us for advice 

How we use it 

  • Carry out business/commercial premises audits and inspections 
  • to deal with public concerns and advice regarding fire safety 
  • Issue RRFSO notices for alternations, prohibitions, enforcement and prosecutions (including Simple Cautions), which is publicly available via the National Fire Chiefs Council (NFCC) website’s Enforcement Register   
  • under various Licensing legislation, Avon Fire Authority is nominated as an interested party, which may require us to conduct a premises audit in some circumstances  
  • deliver fire safety advice and practices 
  • ensure that our premises records remain up to date 

Any personal information obtained for the purpose of carrying out fire safety activities will only be used for this purpose unless other legislation dictates, or further processing is necessary for the performance of a task carried out in the public interest or for Avon Fire Authority (AFA) to exercise its official duty as a public function. 

In the event of any investigation of fraud or other criminal activity, the Authority has a duty to disclose personal data to the relevant authorities and/or external providers (such as legal representatives) appointed by the Authority. 

How we collect it 

Any personal information obtained for this process will be either provided by the individual themselves, from the organisation subject to the business safety activity or from other legitimate sources.  Any written correspondence that is sent in relation to business safety activities will signpost to the addressee where they can obtain a copy of this Privacy Notice and related policies. 

Our lawful basis  

Our lawful reason to collect and use this personal information is that it is necessary for the performance of a task carried out in the public interest or for Avon Fire Authority to exercise its official duty as a public function (UK-GDPR Article 6 (1) e)) for the delivery of: 

Storing it 

Any personal information will be held electronically against the premises ID on our Community Fire Risk Management Information System (CFRMIS).  The retention of this data will be dictated by the reason for its use, such as complaints / concerns against a landlord will be retained for 6 years, or once the information is no longer relevant for purpose, such as change in contact details for responsible person, our systems will be updated accordingly.  
 
Prohibitions and enforcements will remain on our records and on the National Fire Chiefs Council (NFCC) website until they are complied with or lifted, they will then remain for 3 years. 

Any personal data held for the purpose of Simple Cautions will be retained by the Authority for 6 years in line with the Authorised Professional Practice (APP) management of police information guidelines and Criminal Procedure & Investigations Act (CPIA). 

Any personal information held in emails, letters or other paper files will be scanned into the above system against the premises ID and paper copy securely shredded. All information security controls, document retention and practices are as per the associated AF&RS policies. 

Information Sharing 

  • Any other organisations involved in the business fire safety process, to include (but is not limited to) Councils, surveyors, architects, solicitors, Law Enforcement bodies, Licencing bodies and other agencies. 
  • National Fire Chiefs Council (NFCC) website for the publishing of the Authority’s public register.  Please refer to their website for their own Privacy Notice. 

Your data rights 

Please refer to the your data rights section.

Under some circumstances, individuals who are subject to legal proceedings are unable to exercise all of their data rights, such as objection to processing and data erasure. 

If an individual is no longer acting as the Responsible Person for that organisation, or if the premises’ landlord has sold the premises in question, please contact a member of the Business Fire Safety team using our business safety webform or by using the contact details below.

Phone: 0117 926 2061, extension 8400

write to:

Business Fire Safety Team
Avon Fire & Rescue Service
Patchway Fire Station
Rodway Road
Patchway
Bristol
BS34 5PE 

Why we collect and use this information  

We have CCTV installed outside our buildings and fire stations for public and staff safety, crime prevention through deterrence and detection, and for accident and incident investigation. 

We have mobile CCTV on AF&RS operational vehicles for the purpose of staff health & safety and for our own insurance. We also have vehicle data recorders used for identifying engine emissions, fuel consumption, vehicle mileage and driving hours. This equipment provides a pool of learning experiences for training purposes that we can use to assist in improving operational tactics and command, and for reducing insurance claims and associated insurance premiums where possible. 

All buildings where CCTV is fitted display awareness signs, and there is signage on those Service vehicles that have mounted CCTV equipment. 

Type of data 

CCTV footage of individuals, who can be identified by the footage, is classed as their personal data, as they are the data subject. This means anyone who visits our sites and our, whether staff members and agency staff, contractors, or members of the public, and our caught on our CCTV will be the data subject. 

We do not perform covert surveillance.  

Our lawful basis 

The Fire and Rescue Service Act 2004 makes it a requirement to secure the provision of the personnel, services and equipment necessary to efficiently deliver a Fire and Rescue Service. We also have an obligation to safeguard our employees, and to comply with Health & Safety legislation. 

Under the UK General Data Protection Regulation (UK-GDPR) 2016, our lawful basis on which we collect and use this information depends on the reason for its use: 

  • it is necessary for the performance of a task carried out in the exercise of our official authority as a Fire and Rescue Service (Article 6, (1) (e)) to facilitate our operational staff training, operational tactics, efficient/safe use of Fire Service resources and equipment, and Fire Investigation activities; 
  • it is our legal obligation to comply with Health and Safety Legislation (Article 6, (1) (c)) for the investigation of an incident involving the health, safety and welfare of our staff or individuals visiting our premises; 
  • it is for our own legitimate interests (Article 6, (1) (f)) for the protection of our property, other assets, reducing our insurance claims, and for investigation of crime (which could extend to the legitimate interests of a third party), whilst balancing the rights and expectations of the individuals captured by the CCTV.

Any data will only be used for these purposes, unless other legislation means further processing is necessary and lawful. 

Storing it

All CCTV images are recorded locally, and footage is not retained indefinitely as it is automatically overwritten once capacity has been reached. This depends on the capacity of the recording media at each site or on the Service vehicle, and so will range from approximately 2 weeks to several months.  

There may be a need to keep specific footage for longer if a crime, a Health & Safety incident, or a potential insurance claim is being investigated. This data is downloaded and stored securely on AF&RS systems, treated in accordance with The Home Office guidance, and deleted after use, when no longer required. 

Information sharing  

Our Health, Safety and Welfare team have access to vehicle footage, to carry out health and safety investigations on behalf of the Service.   

Our Property Services team, Service Control, onsite security guard, and our CCTV Maintenance Contractors have access to Service property footage, to manage our site security and maintain the system.  

CCTV footage can also be shared with our insurance provider, to manage any insurance claims.  

Your data rights  

Please refer to the your data rights section.

External Requests  

Decisions about any other request for access (request must be in writing) is carried out on a case-by-case basis, and the requester needs to show a legal reason and entitlement to access it. This includes requests from other AF&RS departments as well as any external party. 

On receipt of legal entitlement, we may consider release to law enforcement agencies, third party insurance companies, or official/legal representatives for the data subject concerned (solicitor, doctor, etc.) who have policies and procedures for the secure handling of personal data. This is because we need to ensure the integrity and security of any data we choose to share with a third party, in accordance with the Information Commissioner (ICO) and The Home Office codes of practice. 

Requests for CCTV footage can be made to the Information Governance Team at [email protected].

Why we collect and use this information 

We are processing personal information so we can manage our finances and in relation to our procurement of goods, services, and works so that we can: 

  • contact individuals and manage the debtor/creditor relationships  
  • manage and administer contracts  
  • purchase goods and services 
  • fulfil the creditor/debtor transaction process 
  • conduct due diligence on suppliers (for example, financial stability)  
  • meet government legislation concerning contracts valued at over £30,000 
  • General administration purposes 
  • To manage the security of our sites 
  • To facilitate health and safety requirements for site visitors 
  • To defend ourselves in the event of a legal claim or dispute 

Type of data 

A Supplier is an organisation or an individual that supplies goods to Avon Fire Authority (AFA) under a fixed term contract or a one-off purchase, whereas a Contractor is an organisation or an individual (including a consultant) that performs services or works (such as building/maintenance works) for AFA either under a fixed term contract or a one-off purchase. This also includes bespoke fixed term contracts as well as goods, services and works procured under the AFA Standard Terms and Conditions for Goods, Works and Services (a copy of which is available on our website), framework agreements or joint procurement agreements. 

Suppliers and Contractors (including consultants) are typically creditors who we owe money to, which we typically pay on receipt of an invoice, usually by BACS, or using a procurement/credit card. 

Debtors are people or organisations who owe money to us. This could be someone we have provided a service to.   

All Creditors 

In order to facilitate the transaction process, we require the following details:  

  • Trading Name
  • Trading Address 
  • Contact details, including names of staff 
  • Bank account details 

If we are not supplied with the information set out above, we may not be able to make payments to you. 

Contractors  

In addition to the above, and depending on the type of contract being procured, we may collect the following, particularly for those Contractors and their staff that are required to visit / perform work on our sites: 

  • Name of individual visiting site 
  • Contact details for individual (may be a mobile phone number) 
  • DBS check numbers only (actual DBS content is not disclosed to us) 
  • Work location 
  • Work times 
  • Vehicle registration numbers 
  • Individual will be captured on our site CCTV 
  • Data captured by our premises’ door access control systems 
  • Experience, qualifications and skills of those carrying out the work/service 
  • Individuals that are contracted to work out of the joint Police and Fire Service HQ, will be subject to the Police vetting procedure (which is data processed by them as the Data Controller) 

The above will form part of the terms and conditions of the contract to supply, and in the event that you are unable to provide the information required, we may not be able to award and maintain the contract with you.  The personal information that we require will be attributed to the specific terms of the contract in question. 

Debtors  

In order to facilitate the transaction process, we require the following details:  

  • Trading Name / individual name 
  • Trading Address / individual name 
  • Contact details, including names of staff 
  • Bank account details 

Collecting it 

Any personal information collected as part of the order/payment process, would be either provided by the organisation/individual during the tender process, awarding of the Contract, or general correspondence for providing goods and services to us.   

Our lawful basis  

We collect and use personal information relating to our creditors and debtors under the following lawful basis: 

  • To meet the legal requirements of Section 112 of the Local Government Finance Act 1988, which falls under Section 6 (1) (c) of the UK General Data Protection Legislation (UK-GDPR). 
  • To enable the performance of a contract or to take steps to enter into a contract whereby we or you have agreed to pay for goods or services, that falls under the Section 6 (1) (b) of the UK-GDPR. 
  • Site security is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the UK-GDPR. 
  • In order to defend ourselves in the event of a legal claim or dispute, where there is a legitimate interest pursued by us as the Data Controller, except where such interests are overridden by the interests, rights and freedoms of the data subject, which falls under Section 6(1) (f) of the UK-GDPR.

In the event we are required to collect and process special categories of personal data (sensitive personal data), this will only be done if a suitable lawful condition can be met under the UK-GDPR and the Data Protection Act 2018. 

Information sharing 

The following are examples of when we share this information.  Please note this is not an exhaustive list: 

  • Budget holders and members of the finance and procurement teams for the ordering and payment process for goods, works and services, and other general administration
  • Members of staff involved in the tender process
  • Financial Services Provider (who are a Data Processor)
  • Internal and external Auditors for audit purposes
  • Government’s National Fraud Initiative (NFI) for the detection and prevention of fraud 
  • public sectors bodies who we might have a joint procurement with or use their framework agreements 
  • Any other third party appointed by us to facilitate in the contract process, such as consultants, insurance companies and legal advisors. 

We publish procurement information on our website under the Local Government Transparency Code, which is available on our website, any personal data is considered and redacted as necessary. Names of sole traders and consultants will be published if they are used as a trading name. The same will also apply to requests for information published under the Freedom of Information Act 2000 (FoIA). 

Storing it 

We store the information in the following formats, which is held subject to our Service Records Retention Schedule: 

  • New supplier forms held electronically 
  • Purchase Ledger system (managed by our Financial Services Provider) 
  • Information held on paper, scanned and other electronic invoices 
  • Contracts and other procurement documents 
  • Contract database held by our procurement department 
  • Other supplier contract lists, and correspondence held locally by departments, including emails 
  • Site CCTV footage (Please refer to our CCTV Privacy Notice) 

Your data rights 

Please refer to the your data rights section.

Why we collect and use this information 

We operate a drone at operational incidents (if the drone is deemed necessary and will add value to our capabilities) for the purpose of operational monitoring and information gathering to assist Incident Commanders with situational awareness.   

We may also use any captured drone footage to aid our fire investigation activities and any health and safety investigation activities, if appropriate. 

We may also use a drone for operational training exercises undertaken by our staff and our partners.   

We recognise by operating our drone there is the potential for members of the public to be captured via our drone’s activities. We have a range of controls in place to manage the drone’s use and to reduce the risk of privacy intrusions to members of the public. These include in depth drone operator training, having a range of documents and risk assessments in place that are subject to the Civil Aviation Authority (CAA) approval and physical security and IT security controls. 

Types of data 

Live streaming video footage, recorded video footage and recorded still images of an individual is classed as personal data, if the individual can be identified from that data. 

How we collect it 

Our drone will only be operated by trained AF&RS staff. When the drone is in use, appropriate cordons and signage will be displayed to alert anyone in the immediate vicinity we are operating our drone. 

We do not perform covert surveillance via our drone activities. 

Our lawful basis 

The Fire and Rescue Service Act 2004 makes it a requirement to secure the provision of the personnel, services and equipment necessary to efficiently deliver a Fire and Rescue Service.  

Under the UK General Data Protection Regulation (UK-GDPR) 2016, our lawful basis on which we collect and use information generated by the drone depends on the reason for its use: 

  • it is necessary for the performance of a task carried out in the exercise of our official authority as a Fire and Rescue Service (UK-GDPR Article 6(1) (e)) to facilitate our operational staff training, operational tactics, efficient/safe use of Fire Service resources and equipment, and Fire Investigation activities (this is also referred to as our ‘public task’ activities) 
  • it is our legal obligation to comply with Health and Safety Legislation (UK-GDPR Article 6 (1) (c)) for the investigation of an incident involving the health, safety and welfare of our staff or individuals visiting our premises 

Any data captured will only be used for these purposes, unless other legislation means further processing is necessary and lawful. 

How we store it 

All drone activity is recorded in the Drone Flight Path Log.  At present any recorded data from the drone’s activity is saved indefinitely, apart from training activities which may be deleted once any recorded data has served its purpose. 

Any data held is downloaded and stored securely on AF&RS equipment and premises and is processed in accordance with CAA guidance and the Data Protection and associated legislation. 

Information Sharing  

Where the law allows, we may share footage with other external parties, such as the police and other law enforcement agencies, our emergency service partners in attendance at incidents and our insurance providers/legal representatives.  

Your data rights 

Please refer to the your data rights section.

Information Requests from external parties  

Decisions about external requests for access or copies of data captured by our drone activities will be carried out on a case-by-case basis, and the requester has t submit the request in writing, to show a legal reason and their entitlement to access it.  

On receipt of legal entitlement, we may consider release to law enforcement agencies, third party insurance companies, or official/legal representatives for the data subject concerned (solicitor etc.) who have policies and procedures for the secure handling of personal data. This is because we need to ensure the integrity and security of any data we choose to share with a third party, in accordance with our own policies for data handling, the Information Commissioner (ICO), CAA and Home Office codes of practice. 

Information Requests can be made to the Information Governance Team at [email protected]  

Why we collect and use this information 

The information we collect is used to assist in determining the origin and most likely cause of fire. Your contact details are taken in case we need to get back in contact with you, and to document the source of the information provided as part of the investigation. 

The most likely cause of the fire is entered into the Incident Recording System (IRS) against the incident details. Anonymised statistics about the causes of fires are produced to inform our Risk Planning activities, which is a requirement of the National Firefighter Framework and to report to Government and auditors. 

In circumstances where the cause of a fire is thought to be suspicious or deliberate, we have a responsibility to seek the involvement of the Police at the earliest practicable stage. The Fire Investigation Officer examines and records evidence from the scene, this may include the collecting of samples of materials which may have been used to start or accelerate the fire. They work with the Police and other partners to help identify and convict those responsible for starting or assisting with the development of the fire. Where appropriate, information gained or received by us in relation to a fire related crime or fatality will be passed onto the Police and any information the Police obtain that assists determining the cause of the fire will be passed to us, unless this prejudices their investigation. 

Members of the Fire Investigation Team are often called upon to provide evidence as an ‘expert witness’ regarding the origin and cause of a fire to the His Majesty’s Coroner and criminal or civil courts. 

The general findings from investigations, not including your personal information, are used to inform and develop safety strategies, targeting those identified as the most vulnerable groups in our community. Lessons learned from investigations of fires, and in particular those with accidental causes, are passed on to other agencies including the Local Authority, Trading Standards, Health and Safety Executive and His Majesty’s Coroners. 

Types of data 

  • Occupier name(s), address, contact details and statement to confirm the facts of the case. They are relevant to your knowledge and understanding of; events surrounding ownership of the premises; occupancy of the premises, and; circumstances of the fire, as far as they are known to you. 
  • Witness name(s), address, contact details and your statement of witness evidence, in relation to: the origin of the fire (where it started); the cause of the fire, and; why the fire spread, as it did. 

In some circumstances we may need to collect and use sensitive/special category information, such as health details and victim injury information that is necessary to meet our obligations. 

Photographs of the incident may be taken to provide evidence for the investigation. Copies of photographs will be considered to persons with a legitimate right of access (following a request in writing with proof of entitlement), such as: owner; occupier, appointed insurance investigator, and; other agencies using their own legal powers, such as the Police.  Photographs may be used to assist with training and supporting community safety programmes. Any published photographs will be anonymised so that an individual or private residence cannot be identified unless we have your consent. 

Failure to provide the information requested as part of the Fire Investigation process may mean you are in breach of the Fire and Rescue Services Act 2004 (Part 6 Sections 45 – 48 Powers of Entry).  To find out more about our fire investigation powers, please view the Fire and Rescue Services Act 2004: http://www.legislation.gov.uk/ukpga/2004/21/part/6 

Collecting it

Any personal information obtained for this process will be either provided by the individual themselves, witnesses, information recorded by our Control room, the crew in attendance, the police or other agencies that are involved in the Fire Investigation or from other legitimate sources. Information may be collected in a variety of formats such as written correspondence, AF&RS forms (including electronic), images/photographs, footage recorded by our appliance mounted cameras or body worn visual cameras worn by officers, post incident interviews, information passed on by other agencies and third parties, and the Fire Investigation Officer may use a Dictaphone to record information at the scene. 

Our lawful basis

The Fire and Rescue Services Act 2004, places a duty on Fire and Rescue Services to protect life and property from fire. Part 6, Sections 45 to 48 of the Act empowers a Fire and Rescue Service to obtain information and investigate fires and provides powers to investigate what caused a fire or why it progressed as it did. The processing of personal information is therefore necessary to meet our obligations under the Fire Services Act, which means that our lawful processing condition under that of the UK General Data Protection Regulation (GDPR) is Article 6(1) (e) because processing is necessary for the performance of a public task or exercising official authority vested in us as a Data Controller. 

In the event that we are required to process special categories of personal data (sensitive personal data), such as health data or victim injury data that may have had an impact on the fire, this is collected and used for the substantial public interest as long as it is proportionate to the aim pursued and we apply suitable measures to safeguard the rights and interests of the data subject (Article 9 (2) (g) of the UK-GDPR).  In addition, the Data Protection Act 2018 Schedule 1, Part 2: Substantial Public Interest Conditions, enables us to process this data when processing is necessary for Statutory and Government purposes, so that we can exercise our function as a Fire & Rescue Service. 

Storing it

We review Fire Investigation Reports every 5 years to decide whether they should be further archived, these are reviewed on a case-by-case basis. Storage of these documents is within our premises and on our own IT system, which is subject to existing information security controls. 

Information sharing  

Information entered into the Incident Recording System (IRS) (including the most likely cause of a fire) is accessed by The Home Office and Service personnel whose role requires them to have access. For more about The Home Office use of IRS please visit: https://www.gov.uk/government/publications/data-protection-and-privacy-notices/fire-and-rescue-service-incident-recording-system-privacy-information-notice

As stated above, information will be shared to other statutory bodies for the purpose of prevention and detection of crime. In these circumstances, we will disclose information which is necessary for this purpose. 

In accordance with The Coroners and Justice Act 2009, there are occasions where we are requested to provide evidence at Coroner’s inquests, including disclosure of the fire investigation report. The Coroner must normally disclose copies of relevant documents to interested persons (such as the family), on request at any stage of the investigation process as soon as is practically possible. 

Where a concern is identified by the Coroner, which could have been identified as a result of an issue raised or recommendation made, within a Fire Investigation Report, the Coroner is under a duty to undertake a Report to Prevent Future Fire Deaths. For more information on this process, please view The Coroners (Investigations) Regulations 2013 http://www.legislation.gov.uk/uksi/2013/1629/contents/made

Your data rights  

Please refer to the your data rights section.

External Requests 

Requests for copies of Fire Investigation Reports are disclosed to external parties, such as members of the public who can provide evidence of residence or ownership of a property or vehicle or the solicitors, insurance companies and loss adjusters who are acting on behalf of the owner/occupier of an affected property or vehicle. Information can also be provided to someone acting on behalf of an individual who has been recorded on the incident record as being injured as a result of the incident. Necessary identification and entitlement to the information will be requested to ensure information is not disclosed inappropriately and where appropriate, personal information will be redacted. 

Information requests can be made to the Information Governance Team at [email protected]  

This Notice is for members (and beneficiaries) of the Avon Fire Authority Firefighters’ Pension Schemes (the “Schemes”) and has been prepared by Avon Fire Authority (the “AFA”) in its capacity as the manager of the Scheme (the “Scheme Manager”) and the Data Controller.

This notice applies to all of the following schemes: 

  • Firefighters’ Pension Scheme 1992 
  • Firefighters’ Pension Scheme 2006 
  • Firefighters’ Pension Scheme 2015 
  • Modified Firefighters’ Pension Scheme 

Why we collect and use this information  

We hold personal data about you in our capacity as Data Controller for the proper handling of all matters relating to the Scheme, including administration and management, and this includes the need to process your data for the following reasons: 

  • to contact you 
  • to calculate, secure, and pay your benefits 
  • for statistical and financial modelling (for example, assessing how much money is needed to provide members’ benefits) 
  • for reference purposes (e.g. when we assess how much money is needed to provide members benefits, or inform the Government of any additional funding requirements) 
  • to manage liabilities and administer the Schemes generally 
  • to assess eligibility for, calculate, and provide you with benefits (and, if you are a member of the Scheme, to do the same for your beneficiaries) 
  • to identify your potential or actual benefit options and, where relevant, implement those options 
  • to comply with our legal and regulatory obligations as Scheme Manager 
  • to address queries from members and other beneficiaries, and to respond to any actual or potential disputes concerning the Scheme  

Types of data  

  • contact details (e.g. name, address, telephone number, email address) 
  • identifying details, including date of birth, national insurance number, and employee and membership numbers 
  • information used to calculate and assess eligibility for benefits (e.g. length of service, or membership and salary information) 
  • financial information relevant to the calculation or payment of benefits (e.g. bank account and tax details 
  • information about your family, dependents or personal circumstances, marital status, and information relevant to the distribution and allocation of benefits payable on death) 
  • information about your health, to assess eligibility for benefits payable on ill health, or where your health is relevant to a claim for benefits following the death of a member of the Scheme 
  • information about a criminal conviction where this may result in pension forfeiture 

Collecting it 

Most of the information we hold has been provided by you. We may also have received data (for example, salary information) from a current or past employer, from a member of the Fund (if you are or could be a beneficiary due to that person’s membership), and from a variety of other sources including public databases (such as the Register of Births, Deaths and Marriages), our advisers, and government or regulatory bodies like those in the list of organisations listed below that we may share your personal data with. 

If you need to provide us with personal data about anyone else (a family member, a dependant, or anyone who is a potential beneficiary under the Scheme), please make sure you tell them what’s in this Privacy Notice. 

Our Lawful basis 

Under the UK General Data Protection Regulation (UK-GDPR) 2016 and the Data Protection Act 2018 (DPA), we can only process personal data if we have a lawful basis for doing so. The two main reasons are: 

  • if we need to satisfy our legal obligations as Scheme Manager under the Superannuation Act 1972 and the Pensions Act 2014 
  • if we need to meet our contractual obligations, or you’ve asked us to take steps before entering into a contract in relation to the Scheme 

The majority of personal data we process will fall under the same lawful basis for that of our current employees, such as either with your consent, compliance with a legal obligation, to fulfil our public duties (public task) as a Fire & Rescue Service, or for legitimate interests. 

The same will also apply to special category (sensitive personal) data, although the most common will be with your explicit consent (expected to be written), or for the purposes of performing or exercising our obligations in connection with employment, social security or social protection (Paragraph 1(1) (a) of Part 1 of Schedule 1 of the Data Protection Act (DPA) 2018). 

There’s further information about special category data and processing on the Information Commissioner’s website 

Civil Contingency Planning  

We may use your data to contact you but only when it is fair and reasonable so that we can perform our public task duties (as per UK-GDPR Article 6(1)(e)) as a Fire & Rescue Service, to fulfil our duties under the Civil Contingencies Act 2004, to support our partners, and for public health reasons in times of crisis (such as the COVID-19 national pandemic). 

Storing it 

Your personal information is kept for as long as we need it to fulfil the purpose of providing your pension entitlement under the Scheme, so this is until it ceases (either to you or your beneficiary) unless the law requires us to keep it for a longer period. 

Some data will be kept after benefits stop being paid, so the Fund can deal with any questions or complaints arising from your pension, for Scheme administration purposes, to comply with our legal and regulatory requirements, or for broader research on Fire Fighter pensioner longevity.  

Your personal data may also need to be kept if you’ve received a transfer or refund from the Scheme, for the above reasons. 

Information sharing   

West Yorkshire Pension Fund (WYPF) is managed by City of Bradford Metropolitan District Council (CBMDC), who have been appointed to administer the Scheme on behalf of Avon Fire Authority (AFA). They act as a Data Processor, with the information passed to them for the specific processing purposes of administering the Schemes. 

The AFA has a Firefighters Pension Scheme Board who assists the AFA (as the Scheme Manager) in administering the various Firefighter Pension Schemes by providing governance and scrutiny of policies, pension documentation, decisions and outcomes. 

WYPF and AFA may need to share data with the following third-party organisations if we have a legal or contractual obligation or a legitimate interest to do so: 

  • tracing bureaus for mortality screening and locating members (currently Lexis Nexis, Accurate Data Services and Experian) 
  • overseas payments provider to transmit payments to scheme members with non-UK accounts (currently HSBC Global Disbursements) 
  • printing companies (currently Bradford MDC framework contract and Adare SEC) 
  • pensions software provider (currently Civica Group Ltd) 
  • suppliers of IT, document production and distribution services 
  • Avon Fire Pensioners Association, 
  • statutory, external and internal auditors 
  • The Department for Work and Pensions 
  • The Pensions Regulator 
  • The Pensions Ombudsman 
  • The Government Actuary’s Department 
  • The Cabinet Office (for the purposes of the National Fraud Initiative) 
  • His Majesty’s Revenue and Customs (HMRC) 
  • The Courts of England and Wales (for the purpose of processing pension sharing orders on divorce) 

In each case we’ll only do this if we consider it’s reasonably required for these purposes. We won’t use your personal data for marketing purposes and won’t share data with anyone for the purpose of marketing to you or any beneficiary.  

We may need to provide your data to the government bodies, dispute resolution and law enforcement organisations listed above when requested or if we consider it’s reasonably required, and they may use the data to carry out their own statutory functions, functions in relation to the Scheme, business administration and regulatory purposes, or statistical and financial modelling and planning (such as calculating expected average benefit costs and mortality rates). They may also pass the data to other third parties if they consider that’s reasonably required for a legitimate purpose. 

We are obliged to verify that appropriate safeguards are implemented to protect your data in accordance with applicable laws if your data needs be transferred outside the European Union.   

Your data rights 

Please refer to the your data rights section.

Why we collect and use children and young person’s information  

Avon Fire and Rescue Service (AF&RS) is committed to serving the local community, ensuring a safer place for people to live, work or visit. Our Firesetters Intervention Scheme is key to this and the information we collect can help influence our future work and keep people and their property safe.  

This Scheme is aimed at children and young people who fire set, fire play or have a fascination with fire. Our trained Firesetter Advisors work with children and young people and their parents/carers/legal guardians to increase awareness of the dangers and consequences of fire and establish a cause behind the actions. The Firesetters Intervention Scheme is a voluntary Scheme, and we require parental/legal guardian consent for the child/young personal to participate in the programme. The cooperation of the family is crucial to the success of the programme. 

We use children and young person’s data to: 

  • record and evaluate our work 
  • derive statistics which inform decisions about how we improve safety and support the development of our staff 
  • investigate fires and other incidents 
  • help you contact other services which may benefit you or improve your safety 
  • deliver and manage safety courses and services for young people 
  • provide feedback of interventions to the referring agency 

Types of data 

  • personal information of the child/young person (such as name, address, date of birth 
  • personal information of family members, carers or legal guardians (such as name, address, age of siblings) 
  • special categories of personal information in the form of characteristics (such as gender, ethnicity, disability) 
  • information relating to the instances of fire setting (such as referral information, assessment information, details of history of setting fires, dates and details of the interventions that we have carried out.) 
  • information relating to the child Special Education Needs and Disabilities (SEND) and/or an Education, Health and Care (EHC) plan and other relevant behavioural information 
  • Any other relevant information relating to the personal circumstances of the individual 

Collecting it 

Information is collected by phone or email at the time of referral and during the visit, the Firesetter Advisor will collect information which will be recorded within a case booklet. When collecting any forms of special category information, this will be explained to all parties as part of the process.  

Following the visit, AF&RS may also anonymise the personal details for statistical purposes to record, monitor and evaluate our work. 

Our lawful basis

Whilst we seek parental/legal guardian consent for the child/young person to participate in the Firesetters Intervention Scheme, any personal data that we collect and process will be in accordance the Data Protection Legislation, which we do within our performance of a task carried out in the public interest ( Article 6 (1)(e) of the UK-GDPR). This we do when performing our function as a Fire & Rescue Service, as it is in the public interest to promote fire safety. 

Any collection and use of special categories of personal data (sensitive personal data, such as health data) is also when performing duties for reasons of substantial public interest (Article 9 (2) (g) of the UK-GDPR).  When processing any special category personal data for this purpose, we need to satisfy a further condition within the Data Protection Act 2018, which is specified in Schedule 1, Part 2 (6) ‘Statutory and government purposes’, as supported by the Fire Services Act (Part 6 ‘Fire Safety’), which provides us with ancillary powers to carry out fire prevention activities within our area. 

Storing it 

All information is transferred on to a database where it is stored and subject to AF&RS information security controls, policies and data retention schedule. 

Handwritten notes are kept securely to assist the Firesetter Advisor in carrying out the intervention. Once the interventions have all been carried out, the notes are securely shredded. 

Information sharing  

We will only share information about children and young people where the law and our policies allow us to do so. 

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies and partners including; 

  • Other fire and rescue services (anonymised data for research purposes) 
  • Community organisations 
  • Councils 
  • Police and other emergency services 
  • Social services 
  • Educational services 
  • Health services 
  • The Home Office (anonymised for statistical reporting) 

The Fire and Rescue National Framework for England states that we are expected to develop partnerships to support risk reduction services to those identified as vulnerable and wherever possible to share intelligence and relevant risk data. The Digital Economy Act 2017 further supports public sector data sharing for the purpose improving or the targeting of a public service provided to individuals or households, which includes the well-being of individuals or households, such as their physical, mental health and emotional well-being and /or social and economic wellbeing. 

Your data rights 

Please refer to the your data rights section.

If you have concerns about what personal data we collect and share, please discuss this with the Firesetter Advisor as we may be able to collect limited and anonymised data so that we can still deliver the intervention. The exceptions to this are when we are feeding back to a referring agency, if we have safeguarding concerns, when a criminal activity has been disclosed or when we are required by law to pass on information. 

Please read the AF&RS employee information privacy notice above, as a lot of the information there also applies to you. 

We have also included separate privacy notices for pensions depending on what scheme you are in: 

  • Firefighters Pension Scheme 
  • Local Government Pension Scheme 

Much of the information we hold was provided by you during your employment, although some may have been received from internal sources such as your line management, or external sources such as our occupational health provider.  

It’s unlikely we’ll need to collect any new information from you once you leave employment with us, unless there’s an ongoing requirement to do so. 

Why we still hold information, and when we may use it 

We’ll only use your personal information when the law allows us to and will endeavour to use your personal data in line with your reasonable expectations to ensure that any processing is fair, lawful and transparent, in line with the requirement of the Data Protection Legislation. 

Below is a list of some of the possible circumstances we may need to hold and use any information after someone’s employment ends: 

  • to perform obligations of the contract we entered into, such as the employment contract or a settlement agreement. Some of the contractual obligations in these contracts continue after employment has terminated, such as the duty to observe confidentiality 
  • to comply with a legal obligation, such as payroll and health & safety records that have to be retained because of current legislation 
  • to liaise with pension providers and the trustees/administrators of pension schemes, including ill health retirement pensions 
  • to carry out ongoing employment investigations or legal claims/disputes after someone has left employment, or if they have been cited as a witness to an investigation or claim 
  • to respond to queries about employment after the person has left  
  • to provide any employee related benefits someone is entitled to after they have left our employment  
  • for business management and planning, including accounting and auditing  
  • to provide employment references if asked for  
  • to prevent and detect fraud and for the prevention and detection of other crimes  
  • to conduct data analytical studies (such as the staff survey) to review and better understand employee retention and attrition rates
  • for equality and diversity monitoring (anonymous for statistical purposes) 
  • to keep former employees informed of AF&RS news if they have opted in to receive updates

We may also use your personal information: 

  • if we need to protect your interests (or someone else’s interests) 
  • if it is needed in the public interest or for official purposes 

We only use your personal information for the purposes we originally collected it, unless we reasonably consider we need to use it for another reason and that reason is compatible with the original purpose. If we need to, we will contact you and explain the legal basis which allows us to do so.  

Please note there may be circumstances where we may have to process your personal information without your knowledge or consent, but that will be where this is required or permitted by law and will be compliant with the data protection legislation. 

Civil Contingency Planning  

We may use your data to contact you but only when it is fair and reasonable so that we can perform our public task duties (Article 6 (1) (e) UK-GDPR) as a Fire & Rescue Service, to fulfil our duties under the Civil Contingencies Act 2004, to support our partners, and for public health reasons in times of crisis (such as the COVID-19 national pandemic).   

Mailing lists  

We will hold your email address if you have informed us that you would like us to send you copies of the AF&RS Big Shout staff newsletter, together with information about forthcoming retirements, socials, bereavements, and general news which may be of interest to you. As these email addresses have been provided by you, it means you have consented to us contacting you for these purposes. 

It will be kept until you either ask us to use a different email address, or you withdraw your consent as you would like us to stop sending you information, and we keep any email correspondence for the current financial year it was received in plus a further year in case of any queries. 

If we are asked for your email address by someone else (a third party) we will either contact you to ask for your consent or pass their details to you so you can decide whether you wish them to have it, unless we are required by law to give it to them. 

The mailing list is separate to the one managed by the Avon Fire & Rescue Service Pensioners Association, although we can take your rights and expectations into account and share email addresses for legitimate reasons. Their own privacy notice is displayed on their website https://avonfirepensioners.org/your-privacy/  
 
Please note we will also remove email addresses from the contact list if we are informed the person has died, although sometimes a next of kin may provide an alternative email address to stay in contact. Again, we would only continue this contact with consent. 

Our lawful basis 

The majority of personal data we process will fall under the same lawful basis for that of our current employees, such as either with your consent, compliance with a legal obligation, to fulfil our public duties (public task) as a Fire & Rescue Service, or for legitimate interests. 

The same will apply to the lawful processing for special category (sensitive personal) data, although the more common ones for former employees will be with explicit consent (expected to be written), or for the following: 

  • obligations under employment law, social security or social protection 
  • establishing, exercising or defending a legal claim 
  • carrying out our public duties as a Fire & Rescue Service 
  • the purposes of preventative or occupational medicine when assessing your working capacity in the case of ill health retirement or medical claims 

There’s further information about special category data and processing on the Information Commissioner’s website 

Storing it 

Our Records Retention Schedule outlines how long we keep information and, for most data (such as the employee Personal Record File ‘PRF’), this will normally be for the financial year the person left the Service plus the next 6 years. We may hold data for longer, for example Wellworker (Oshens) incident records because of Health & Safety legislation, or payroll data for pension administration purposes. IT and email accounts will be deleted after the person has left, unless there is a genuine business reason to keep any part for longer, which is authorised by a manager. 

In some circumstances information may be anonymised so that it can be used for statistics, in which case we may keep it without further notice. This is because it is no longer considered to be personal data, as nobody can be identified from it. 

Any personal data will be disposed of securely in line with our Service Policies. 

Information sharing  

We will disclose your information to third parties if we are legally obliged to do so, to comply with other Government departments and agencies, or if that third party is providing a service on our behalf e.g. payroll provision. 

Some examples of who we may share with are:  

  • Avon Fire & Rescue Service Pensioners’ Association 
  • Pension Scheme Trustees and Administrators 
  • Payroll providers 
  • Occupational Health providers and medical/health professionals 
  • Insurance providers 
  • Legal advisors on employment matters 
  • His Majesty’s Revenue & Customs (HMRC) for tax purposes 
  • Auditors 
  • Staff Welfare providers 
  • Statutory Organisations 
  • People asking for employment references 
  • Equalities monitoring organisations (normally statistical and anonymised) 
  • Government Departments (normally statistical and anonymised) 
  • National Fraud agencies 
  • Police & Fraud Officers – under our legal duty to ensure the protection and detection of crime 

If we need to transfer your personal information outside the European Union, we will ensure it is given suitable protection. 

Your Data Rights 

Please refer to the your data rights section.  

Why we collect and use this information 

Our prevention work is the first step in reducing the risk of having a fire in your home and we do this by offering members of the community a Home Fire Safety Visit (HFSV). These visits are free and include the fitting of smoke alarms and the giving of fire safety advice. We may also offer to refer you on to other agencies that might be able to support you. 

The information we collect prior to the visit is needed to enable us to arrange the visit (e.g. your address). 

The information we collect during the visit will be used; 

  • To provide appropriate services to protect your safety or the safety of others 
  • To record and evaluate outcomes of the activities the Fire Service has provided 
  • For statistical purposes to analyse activity, identify any trends and provide anonymised statistics to the Home Office 
  • Help you contact other services which may benefit you and improve your safety and wellbeing 

 Types of data  

  • The occupant’s (your) contact details (name, address, telephone number, email address) or someone acting on your behalf 
  • Personal information of the occupant and family members (such as age group, lifestyle information) 
  • Special categories of personal information (including ethnicity and relevant health information, such as the existence of a hearing loss, visual impairment, mobility issues, cognitive issues, and user of oxygen) 
  • Information regarding the interventions we have carried out 

Collecting it 

All visits take place with the consent of you the occupier or by someone acting on your behalf. Prior to the visit, we will usually have your name and contact details which will have been given to us directly by you or via a referral, for example from a family member, carer or agency which may be working with you. We use these details to arrange a mutually convenient time for the visit. 

The visit will be undertaken by either operational personnel or one of our Community Safety Team. During the visit we will ask fire safety related questions to help us assess risk and provide the necessary advice and support. We will make a record of your responses and keep a record of referrals made. Some of our partners also provide Fire Safety advice and/or smoke alarms on our behalf, if you consent to this, they will also pass this information back to us to store on our database. 

Information is collected using a mobile device and then uploaded to our central database. 

After a visit, we may send a survey to ask for your views on our service. If you choose to complete the survey, all responses are anonymous. They are returned to an external organisation called Opinion Research Services, who are an independent research company who will process and analyse the responses and provide us with a summary to help us improve our performance. 

Other sources 

We use information from partners and other organisations to help us to better target our Home Fire Safety Visits, such as data provided by the NHS (for further information, please refer to NHS Privacy Notice), Western Power Distribution (WPD privacy notice) and non-personal consumer data provided by Experian (Mosaic). We map this information and make it available to station staff to help them target communities who would benefit from our services. 

Safelincs online HFSV questionnaire  

Safelincs provide an online Home Fire Safety Visit questionnaire which is available for all Fire & Rescue Services (FRS) to use, free of charge to both the Fire Service and its users (you). If you do meet the criteria for a fire safety visit in the home, your contact details (as provided by you at the end of the Safelincs questionnaire) are then made available to us via Safelincs, so we can approach you to arrange the visit. 

Referrals  

Our partners make referral requests to us to carry out a Home Fire Safety Visit (HFSV). We have Partnership Agreements in place with each of our recognised partners which set out the governance and lawful basis for sharing name and contact details. Our partners will ask for your consent to make a referral when they think you will benefit from a HFSV from us. 

Home Oxygen Users 

We receive names and addresses of individuals who have an oxygen cylinder in their home.  Each home oxygen user will sign an NHS consent form when they register for the service, this states that their data will be shared with their local Fire and Rescue Service to deliver a HFSV (this consent form is managed by the NHS, prescribing clinician). Air Liquide reiterate this when they install the oxygen and they provide the AF&RS Service Control Room with a list of all home oxygen users, which is updated on our system monthly. This is shared with crews in the event that they are required to attend an incident at the property, for safety reasons.  Should the oxygen user wish to withdraw their consent, this may have implications on whether the oxygen supply can remain at the property.  Please refer to the Air Liquide Privacy Notice for further details 

Our lawful basis

The information that is collected is used by us to provide the requested service and to meet our obligations under the Fire and Rescue Services Act 2004. These obligations include promoting fire safety, reducing yours and others risk from fire, providing advice on actions to take in the event of a fire, safeguarding our community by improving yours and others’ safety, and providing support to improve your health and wellbeing. 

We will process your personal data under the lawful processing conditions of the UK General Data Protection Regulation (UK-GDPR) Article 6(1)(e) because processing is necessary for the performance of a public task. Special category (sensitive) personal data (which for safety prevention would be ethnicity and health data) is processed under UK-GDPR Article 9(2)(g) for reasons of substantial public interest. The Data Protection Act 2018 (DPA) gives us with the power to collect ethnicity and health data under ‘Public interest’ when it is for the ‘equality and opportunity of treatment’ and details about a person’s health which may affect their ability to escape in the event of a fire, for ‘Statutory etc and government purposes’ to exercise our function as a Fire and Rescue Service (Schedule 1, Part 2 – DPA). 

Storing it 

Information we collect and generate as part of the visit, is held within an internal database.  This is subject to strict security controls to ensure that access is limited to those staff members who need to see it to carry out the visit, progress outcomes from the visit and administer and evaluate the service, where appropriate, including our safeguarding team. 

An outcome of the visit could be that our Service Control room staff and operational crews would benefit from having access to certain information to provide an effective response in the event of an emergency at your property. In such cases, relevant information will be passed on, such as a person being unable to escape the property without help, having oxygen stored or a property key code. 

We keep your information in line with our Service Retention Schedule, after which time it is securely destroyed when no longer required. 

Information Sharing  

We have a responsibility to promote social wellbeing. To do this we often work closely with other authorities. To ensure you receive the relevant services, we may need to share your personal and special category (sensitive) information with other authorities and partners such as: 

  • Community Organisations or Voluntary Services 
  • Councils 
  • Police and other emergency services 
  • Health Service 

We will make you aware if your information is intended to be passed on and provide the opportunity for you to say ‘no’, except when we are required by law to pass on the information. 
 
Where it is not possible or practical to obtain your consent to share special category personal information, we will only share the information if we consider it necessary to protect your vital interests. Such interests are for the protection of life, reduction of crime and accidents, and for improving health. 
 
We will remove as much detail as possible leaving only key elements to enable us and our partners to target resources to you. 
 
Sharing information with our partners will only take place under strict data sharing protocols with tight security in terms of the transfer of information. 

Your data rights 

Please refer to the your data rights section.

Why we collect and use this information 

We will collect and hold some of your personal information if: 

  • you make a claim against us, or we make a claim against you, 
  • we make a claim to our protection provider or our insurers which involves you, 
  • you are a witness to an incident where a claim is made. 

We may collect your personal information directly from you or from other professionals who hold it, such as your doctor, lawyer, or employer. 

Types of data  

This personal information may include, but is not limited to, your: 

  • name, address, phone number, and email address, 
  • age and gender, 
  • medical information, past and current, including medical records and reports, 
  • disability information, including medical records and reports, 
  • employment records, 
  • vehicle registration number, 
  • photograph and/or CCTV/video images of you or your vehicle or property. 

Our lawful basis 

We collect and hold personal information in accordance with current data protection laws, which means we will only collect and use your personal information for one or more of the following reasons: 

  • to process a claim, 
  • to defend against or bring legal proceedings, 
  • to enable us to make a claim against our protection provider or insurers, 
  • to respond to complaints. 

We will normally only use personal information about your health and your medical records if you agree we can. You can ask us to stop using that information by writing to us or emailing us, but this may affect any claim you have against us. 

Who we may share personal information with: 

We may share personal information if it is necessary for a claim with our protection provider FRIC (Fire & Rescue Indemnity Company Limited), their managers (Thomas Miller), and our insurers. We may also share personal information with other people and organisations in connection with a claim, such as our legal and medical advisers and loss adjusters. 

Storing it  

We keep claims related information for either seven years from the date of settlement or closure of the claim, or for any other statutory period relevant to the age of the claimant and/or the nature of the injury/disease if that is longer than seven years. 

We will delete or destroy personal information securely when we no longer need to keep it. 

Your data rights 

Please refer to the your data rights section.

Why we collect and use this information  

To aid the investigation and prosecution process of malicious false alarm fire calls received by the Fire Service, which put a drain on our resources and prevents us from dealing with genuine emergency calls.  

Any personal information obtained for the purpose of carrying out our investigation and prosecution process will only be used for this purpose unless other legislation dictates, or further processing is necessary for the performance of a task carried out in the public interest or for Avon Fire Authority to exercise its official duty as a public function. 

In the event the outcome of the investigation identifies that a criminal activity has taken place, the Authority has a duty to disclose personal data to the relevant authorities and/or external providers (such as legal representatives) appointed by the Authority. 

Types of data 

Name and contact details for the following categories of data subject: 

  • Members of the public who are responsible for making malicious false alarm fire calls to the Fire Service (to include details their actions/events) 
  • responsible person of a business/commercial premises (on behalf of the business/organisation in question) 
  • landlord / property owner 
  • Other witnesses 

Collecting it 

Any personal information collected for this process will be either obtained from our Service Control, telephone providers for public phones, the Police or other Law Enforcement agencies, organisations or premises that are affected by the malicious fire call, witnesses or by the individual themselves. 

Our lawful basis  

Our lawful reason to collect and use this personal information is because it is necessary for the performance of a task carried out in the public interest or for Avon Fire Authority to exercise its official duty as a public function (UK General Data Protection Regulation lawful processing condition 6 (1)(e)) for the investigation and prosecution of malicious false alarms under Section 49 of the Fire Services Act 2004.

Information sharing 

Information will be only shared for legitimate purposes, or we have to legal duty to share the information, to include (but is not limited to) Law Enforcement Agencies, legal representatives, organisations/landlords and other individuals affected by the process. 

Storing it 

Any personal data held for the purpose of investigation and prosecutions of malicious false alarm fire calls will be retained by the Authority for 6 years in line with the Authorised Professional Practice (APP) management of police information guidelines and Criminal Procedure & Investigations Act (CPIA). 

Your data rights 

Please refer to the your data rights section.

Why we collect and use information 

Avon Fire and Rescue Service (AF&RS) is required by law to protect the public funds it administers. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. 

The Cabinet Office conducts data matching exercises to assist in the prevention and detection of fraud as part of its responsibility for public sector efficiency and reform. Part 6 of the Local Audit and Accountability Act 2014 enables the Cabinet Office to process data as part of the National Fraud Initiative (NFI).  

We are a mandatory participant in the Cabinet Office’s National Fraud Initiative and are required to provide particular sets of data to the Minister for the Cabinet Office for matching each exercise, and these are set out in the Cabinet Office Guidance

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information.  

Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. 

Types of data 

  • Staff payroll 
  • Staff pensions  
  • Creditors  

Please refer to the Government’s code of data matching lists on their website for more details.

Our lawful basis  

Our lawful basis to process this data is set out in Article 6 (1) (c) of the UK General Data Protection Regulation (UK-GDPR) where ‘processing is necessary for compliance with a legal obligation to which the controller (us) is subject’. We are not required to obtain the consent of the individuals concerned under data protection legislation. 

The Cabinet Office has published its Data Privacy notice, which sets out how the Cabinet Office will use your personal data and your rights. The notice is made under Article 14 of the UK General Data Protection Regulation (UK-GDPR). 

Data matching by the Cabinet Office is subject to a Code of Practice.  

Your data rights 

Please refer to the your data rights section.

Why we collect and use this information 

Avon Fire & Rescue Service (AF&RS) uses photography and moving images (video): 

  • To educate and inform staff and communities 
  • To recruit staff 
  • To promote the wide range of work we are involved with 
  • To promote safety campaigns 
  • For identification and security purposes 
  • For training purposes 
  • For fire investigation purposes (see Fire Investigation Privacy Notice) 
  • For meetings of the Fire Authority (but not its committees), which are video recorded and uploaded to our ‘YouTube’ channel for public viewing 

Types of data 

Images and moving images (including voice recordings, video and ‘You Tube’ footage) of people are classed as personal data when a person can be identified. 

Collecting it 

All AF&RS staff must ensure that anyone being photographed or filmed is aware of this. We ask permission when taking images of members of the public in which they are clearly identifiable. In particular, when taking photographs of those under the age of 16, staff will gain written consent from their parent, guardian or carer. 

However, gaining permission is not always practical at large events, such as at station open days and public events, neither is gaining permission of those in the background of a photo. On such occasions, posters or leaflets are displayed to inform members of the public that photographs are being taken. If someone does not wish for their image to be used, we request that they try to stay out of shot where possible. 

Our lawful basis 

Our lawful reason to collect and use this personal information is with the consent of the data subject or the parent or carer of the data subject (Article 6 (1) (a) of the Uk General Data Protection Regulation ‘UK-GDPR’). 

The exceptions for this are for: 

  • images required for corporate identification such as ID Cards for staff, which is a requirement of their Contract of Employment and for site security reasons; and 
     
  • video recordings of public meetings in order to make the meetings accessible to members of the public and to aid transparency for our decision-making process, which we process in association with our duties under a public task (Article 6(1) (e) of the UK-GDPR). 

Storing it 

All rights to the images belong to AF&RS. Images may be cropped or modified for quality or combined with other images, text and graphics. 

All images will be stored on Fotostation software and access is restricted to the Corporate Communications Team who may need to use photos to carry out their duties. They are held in accordance with AF&RS’s Information Security, Data Protection, and Photographic Policies. They will be kept indefinitely for legitimate reasons (such as historical accounts of events and Fire Service history), along with any signed consent form, subject to not infringing on the rights and reasonable expectations of the individual. 

Images posted on social media are not routinely deleted but would be upon request. 

Staff images for identification purposes are kept in line with our Service Retention Schedule. 

Information sharing  

We may publish photos or videos via our internal staff intranet site or public AF&RS website, YouTube channel, social media, or on leaflets, publications or press releases. We do this to help with promoting our work, recruitment, press and journalism, training and debrief, promoting safety messages and encouraging engagement with the Service. 

Your data rights 

Please refer to the your data rights section.

If you believe you may have been photographed and would rather not be, please inform the photographer on the day who will delete the photo. After the event you can withdraw your consent at any time by contacting a member of the Corporate Communications Team by submitting a general enquiry form or call us on 0117 926 2061. You will need to provide a date and description of the photo to help them find it and delete it. Please be aware that it is not always possible to recall all instances of a photo once it is published for practical reasons. 

This Privacy Notice refers to external recruitment and selection, where we may recruit direct or use the services of a recruitment agency.  Internal recruitment for existing employees will be covered as part of the AF&RS Employee Privacy Notice. 

Why we collect and use this information 

When you apply to work at Avon Fire & Rescue Service, we use the information provided to process your application, make an informed assessment of whether you meet the role criteria to be offered a Contract of Employment and to monitor recruitment statistics. We would also use some of the same information to process your Contract should you be successful. 

Some of the information requested is necessary to meet legal or regulatory requirements. For example, if you are applying to become a firefighter you will be requested to complete a pre-physical test questionnaire and undertake a medical to meet our employer obligations under the Health and Safety at Work Act 1974 and Management of Health and Safety at Work Regulations 1992. The Fire Services (Appointments and Promotion) (England and Wales) Regulations 2004 set out certain criteria that are required, such as proof of age to confirm you are over 18. 

The equality monitoring form is voluntary, and this information won’t affect your application. The equality monitoring form is a separate from and only used to produce and monitor anonymous equal opportunities statistics and provide data for government statistics, for example https://www.gov.uk/government/statistical-data-sets/fire-statistics-data-tables 

Types of data 

Name, address, telephone, email, contact details, National Insurance number, employment history, educational background and qualifications, details of your skills and experience, contact details for referees, proof of identity, equality and diversity (E&D) data and information about criminal records. We may also collect medical information depending on the role, which is relevant to assess your ability to carry out that role. 

During a recruitment process we will collect information to verify your right to work within the UK, such as a passport or birth certificate, immigration papers for non-EU citizens, and if applicable, you may be asked to provide additional information to complete a criminal record check, Disclosure and Barring Service (DBS) check or Police Security Vetting (if applicable). 

Collecting it 

In addition to the information that you supply on the application form(s) we may also collect, hold and appraise information on individual candidates’ performance during a recruitment and selection process. Information will be generated by you or by us. This will include information we gain from your selected referees. 

Depending on the role, the recruitment and selection process may include online job specific or psychometric tests to analyse and/or predict your performance at work.  We normally use a professional third party to conduct these tests on our behalf.  The results will be used to inform a selection decision. Where online tests are used, and a selection decision is based solely on automated outcomes, you have a right to request further information from the person responsible for the testing. This allows you to gain an understanding of how the decision was reached and to challenge this decision if you are unhappy with the outcome. You will be informed where this is the case. 

Our lawful basis 

Our lawful reason to collect and use this personal information is that processing is necessary for the performance of a Contract (Article 6 (1) (b) of the UK General Data Protection Regulations ‘GDPR’) or compliance with a legal obligation (Article 6 (1) (c) of UK GDPR) as laid out above. 

Our lawful reason for collecting sensitive/ special categories of personal information is for the purposes of carrying out the obligations and exercising specific rights of the Data Controller (meaning us) or that of the data subject (meaning you) in the field of employment (Article 9 (2) (b) of UK GDPR), and that processing is necessary for the purposes of occupational medicine for assessing the working capacity of the employee (Article 9 (2) (h) of UK GDPR).  Ethnicity and other equalities data is collected with your explicit consent.   

Storing it 

Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed. It will then be securely destroyed or deleted. We retain anonymised statistical information about applicants (including E&D data) to help inform our recruitment activities, but no individuals are identifiable from that data.  

Personal information about successful candidates, such as job application form and references will be held on a file relating to their employment (called a Personal Record File ‘PRF’), which is reviewed periodically to remove any data/records that no longer meets the HR retention period. Further information can be found in the AF&RS Employee Privacy Notice and AF&RS Records Retention Schedule. 

Information sharing  

Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service (DBS), we will not do so without informing you beforehand unless the disclosure is required by law. 

For individuals who apply for AF&RS posts via an external Employment Agency, please refer to that Agency’s own Privacy Notice for further information about what personal data they hold and who they may share it with. 

Your data rights 

Please refer to the your data rights section.

Why we collect and use this information 

In order for Avon Fire & Rescue Service (AF&RS) to respond to emergencies calls, we need to collect and process personal information about individuals and others involved in the emergency incident. 

We will keep data once the incident is closed for specific purposes, including:  

  • To investigate the cause of fires and other incidents  
  • To plan how to use our resources effectively in the future, by analysing the incident data to identify trends and predict areas within our communities that are more likely to experience emergencies  
  • To manage performance, monitor equipment use, identify training needs, and carry out incident reporting and statistics monitoring  
  • To report statistics to the Home Office (these are required by law to create national statistics, and are anonymised)  
  • To provide evidence for law enforcement investigations and court hearings, such as audio recordings or transcripts of 999 calls  
  • To help identify and reduce the number of hoax calls and false alarms  
  • To facilitate public safety and fire prevention work, which may include sharing personal data with our partners  
  • To hold the Patient Report Forms for medical treatment (or when treatment is refused) which our crews may provide when attending incidents for Clinical Governance auditing.  

Types of data 

The types of personal data we collect, process, hold and share include: 

  • Contact details of the caller*. 
  • The address of the incident, which may be the address of your property 
  • Voice recording of all calls made in and out of our Control room, including 999 calls 
  • Any victim incident information you give us (including name, address, age, gender, telephone number, injuries, details of any medical support given) 

*Even if you have barred the ‘calling line identity’ facility, your telephone number will be displayed to the operator and recorded. This is so we can quickly find the approximate location of the emergency you are calling from. 

Collecting it 

Personal information will be taken from callers, victims, witnesses, AF&RS staff and other emergency services’ staff where other agencies are involved in the incident. 

Collection may be over the phone or in person and is transferred onto our mobilisation system and the Home Office Incident Recording System (IRS) by AF&RS staff. 

Our crews will complete a Patient Report Form for any medical treatment provided by us or refused at the incident scene. 

Our lawful basis

We have statutory duties under the Fire Services Act 2004 to respond to emergencies. We also follow the Home Office Fire and Rescue National Framework for England, which states that we are expected to develop partnerships to support risk reduction services to those identified as vulnerable and, wherever possible, to share intelligence and relevant risk data. Collecting and sharing of incident data is for these reasons. 

The lawful basis on which we collect and use this information is that it is necessary for the performance of a task carried out in the exercise of our official authority as a Fire and Rescue Service (UK General Data Protection Regulation (UK-GDPR) 2016, (Article 6 (1) (e)). Sensitive personal, or ‘special category’, data can be collected and used for the substantial public interest of the data subject (Article 9 (2) (g) of the UK-GDPR and the Data Protection Act 2018 Schedule 1, Part 2 – Statutory and Government purposes). 

Information sharing  

During a response to an incident, information is shared with operational crews to help assist with deployment and their response. Verbal and electronic messages are relayed between operational crews and Service Control to ensure an effective response. 

Information may be passed to partner agencies and other emergency services in attendance. For example, we may share medical information to support the ambulance service in providing care to you, to protect your vital interests. 

Incident reports and fire investigation reports may be disclosed to owners/occupiers of an affected property or vehicle, as well as solicitors, insurance companies and loss adjusters acting on behalf of the owner/occupier or a third party. All such requests must be in writing and will be dealt with as a Freedom of Information request. We will ensure that the information we disclose is lawful and in line with data protection legislation. In the event we are unable to disclose information under the Freedom of Information Act, and your request can be dealt with under another process, we may require further information from you, such as ID and/or proof of your entitlement to that information.  

We must by law share some information with the Home Office for research and statistical purposes. This is via their Incident Recording System (IRS), and they have their own Privacy Notice on their website. 

In the interest of the public, we publish details of incidents on our website, social media accounts, and liaise with local press on incidents of interest.  We do not share personal information of the victims involved; however, persons can sometimes be identified due to the location and scale of the incident. 

We also publish anonymised incident data on our website and within various performance reports. Please refer to the Our Performance section for more information. 

We may send you a survey after an incident, to ask for your views on our service. If you choose to complete this, all responses are returned to an external organisation called Opinion Research Services, who are an independent research company. They will process and analyse the responses but will keep them anonymous and only provide us with a summary to help us improve our performance.  

If we are required to share your personal information in other circumstances, such as with other Law Enforcement agencies for the prevention and detection of a crime, we will always ensure we have a valid lawful processing condition which allows us by law to share the information, whilst taking into consideration your information rights and expectations of privacy. 

Storing it 

We retain incident mobilising data and incident logs data in line with Service policy so we can analyse how best to serve our community and to track trends over time. We retain our voice recordings of emergency calls, so they are available if needed for evidence in a court hearing or to aid Law Enforcement investigations.  All data is securely disposed of once the given retention period is reached. 

The information gathered during the incident is stored on the Control mobilising system(s), with access restricted to those who need it to perform their role, such as Control room staff, operational crews and Managers. 

We retain copies of Patient Report Forms for 7 years after the incident. 

Your data rights 

Please refer to the your data rights section.   

Why we collect and use this information 

Avon Fire & Rescue Service (AF&RS) are committed to protecting and supporting vulnerable people including children, young people and adults at risk of being abused or neglected. Our personnel frequently work with families and their children, in their homes, schools and communities and have a duty of care to take action to prevent the suffering of a child or vulnerable adult. 

Government guidance makes it clear that safeguarding is a shared responsibility and depends upon effective joint working between agencies and professionals that have different roles and expertise. AF&RS therefore work with other agencies to ensure that we escalate any safeguarding concerns and where appropriate, AF&RS will always seek the individual’s cooperation to participate in the safeguarding intervention. 

We use the data to:  

  • prevent harm to, and promote the welfare of adults and children at risk  
  • record and evaluate our work  
  • derive statistics which inform decisions about how we improve safety and support the development of our staff  
  • help you contact other services which may benefit you or improve your safety. 

Types of data 

We hold the following personal information about those individuals for whom either safeguarding or welfare concerns have been raised: 

  • name, address, and date of birth of the adult or child 
  • names and addresses of a responsible adult (for example, a social worker) 
  • information relating to any personal risk to the adult or child 
  • relevant characteristics of the adult or child, such as special educational needs, behavioural information, or disabilities. 
     

Our lawful basis 

The lawful basis that we may collect, share and process personal data for safeguarding concerns is when it is

  • necessary for compliance with a legal obligation to which the controller (us) is subject to (as per UK-GDPR Article 6 (1) (c)). The Care Act 2014 and Children’s Act 2004 places a responsibility on organisations to work effectively in partnership to safeguard and promote the welfare of adults and children.
  • necessary for the performance of a task carried out in the public interest (as per GDPR 6 (1) (e)) as we have incidental powers under the Fire & Rescue Services Act, in that ‘we may take any action we consider appropriate in response to an event or situation that causes or is likely to cause one or more individuals to die, be injured or become ill (Part 11 (2) (a) FRS Act 2004’.
  • The lawful processing basis for special category data (sensitive personal data, such as health data) would be when processing is necessary for reasons of substantial public interest (as per UK GDPR 9(2)(g)), which is supported by conditions within the DPA 2018 – Schedule 1, Part 2: 18 Safeguarding of children and of individuals at risk as also set out in our AF&RS Data Protection Policy.
  • Fire and rescue services must have regard to the Fire and Rescue National Framework that sets out priorities, objectives and guidance in connection with the discharge of their functions. 
     

Information sharing 

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies, and partners including: 

  • community organisations 
  • council, social and educational services 
  • police and other emergency services 
  • health services. 

If we identify a safeguarding concern as part of our engagement, we have a legal obligation to work with our statutory partners to safeguard adults and children at risk. If we identify a welfare concern as part of our engagement, we obtain your consent before sharing any information. However, in some circumstances due immediate risk to the individuals and/or others, it may not be possible to gain consent. 

Storing it 

All information is stored on a database and is subject to our information security controls, policies and retention schedule. Any data no longer required will be securely disposed of. 

Your data rights 

Please refer to the your data rights section

Why we collect and use this information 

Avon Fire and Rescue Service (AF&RS) has a responsibility for the health, safety and welfare of our employees and a responsibility to mitigate the risk of fire (and other emergencies) and the environmental impact to communities. 

We need effective arrangements for accurate, relevant and timely information of identified hazards and known risks to a premises/site and making this available to ensure the safety of firefighters. Information gathering and analysis of that information is of critical safety importance as it can be used to deliver appropriate training for personnel exposed to specific risks. 

Failure to provide the information may mean there is a breach of the Fire and Rescue Services Act 2004. 

Types of data  

We gather information about the use of the building, the hazards and risks, construction, operational and environmental considerations and information to assist in fighting a fire, which can also include (but is not limited to) the following personal data: 

  • Name and Contact details for responsible person of a business/commercial/local authority premises (on behalf of the business/organisation in question to contact in emergency) 
  • landlord/property owner 
  • Key entry codes for private dwellings for vulnerable residents  
  • Oxygen users 

Personal information obtained for this process will be either provided by you; from the organisation subject to the Site Specific Risk activity; information provided by the resident or someone on their behalf, such as a carer or a partner agency, or from a Home Fire Safety Visit;  information obtained by us at a previous site visit; and from other legitimate sources. 

Our lawful basis

We need your information to carry out our statutory duties under the Fire and Rescue Services Act 2004.  This places a duty on us to obtain and provide information as part of our provision to deal with fires and other emergencies. This information is used by our operational personnel during an incident to provide an effective response as well as to safeguard them and the community. 

Any personal information obtained is processed under the lawful processing conditions of the UK General Data Protection Regulation (UK-GDPR) Article 6(1) (e) because processing is necessary for the performance of a public task. 

Information sharing  

Information is shared between departments for administrative purposes and to ensure the latest information is available to operational personnel. 

Appropriate information will also be disseminated to other Category 1 & 2 responders, such as other emergency and statutory authorities, where a multi-agency response is required, in accordance with our obligations under the Civil Contingencies Act 2004. If the building we hold the risk information for is near a county boundary and likely to be attended by an appliance from a neighbouring fire service, the risk information will be shared via Resilience Direct accessed by neighbouring Services. Further information about Resilience Direct can be found here https://www.gov.uk/guidance/resilient-communications 

Storing it 

This information is kept until superseded.  It is kept securely and used by operational and Service Control staff to manage responses to incidents.  For commercial and local authority premises, we use the information to maintain contact with the named person to keep the risk information up to date and relevant, and we aim to check risk information at least annually for those premises identified as high and medium risk 

Your data rights 

Please refer to the your data rights section.  

Your data rights

The Data Protection legislation gives you various rights regarding data about yourself. These rights include: 

Not to be subject to automated decision-making including profiling

Automated decision making occurs where an electronic system uses personal information to make a decision without human intervention. AF&RS does not make any decisions that will have a significant effect on you without human involvement, including profiling. 

Withdraw Consent – You have the right, when the processing of your information is based on your Consent, to withdraw it.  Please note this right does not occur when processing takes place under another lawful basis, such as if we have a legal obligation to process your information.

Where possible, we will seek to comply with your request concerning your data rights, however we may be required to hold or process information to comply with law or one of our statutory duties, and therefore some of the above rights may not apply. If we are unable to comply with your request, this will be explained to you in writing. 

If you wish to exercise any of your rights, have a question about how your information is handled, or just want further information, please contact our Information Governance Team at our HQ address provided on this website or by emailing [email protected] or you can phone us on 0117 926 2061. 

You can read more about your data rights on our Data Protection pages and on the Information Commissioner’s website.

How to make a complaint 

If you are unhappy about our service, you can make a complaint to us in the first instance.

If you still remain unhappy, you can also complain to the Information Commissioner’s Office. 

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113 ICO  
website: https://www.ico.org.uk 

Page last updated