Privacy notices

Devon and Somerset Fire and Rescue Service (DSFRS) is a Data Controller, as we determine the purposes for how we collect and use your data in order to carry out our public duties. We are required by law (General Data Protection Regulation / GDPR) to have a Data Protection Officer and their contact details are:

Sarah Bailey - Data Protection Officer
Devon and Somerset Fire & Rescue Service
The Knowle
Clyst St George
Exeter
EX30NW

Email: informationgovernance@dsfire.gov.uk
Phone: 01392 872582

This notice details how we use and share your information. We will continually review and update this privacy notice to reflect changes in our services and feedback from service users in order to improve our transparency and comply with legislation.

Why we collect your information

We need to collect and hold information about you, in order to:

  • deliver public services relating to fire and rescue services and fire safety
  • confirm your identity to provide some services
  • contact you by post, email, or telephone
  • understand your needs to provide the services that you request
  • obtain your opinion about our services
  • help us understand how we are performing our public duty to the communities we serve and identify how our services may need to evolve
  • allow us to undertake statutory functions efficiently and effectively for the establishment, exercise, or defence of legal claims.

To process your data, we need to ensure we meet one of six lawful reasons as required by the GDPR. As a Public Authority; our reasons will typically be because we must process your data to meet a legal obligation to do so or that we can carry out a task in the interest of the public. 

Detailed information on which lawful reasons apply for each of our services can be found in the privacy notices below.

When appropriate, your personal data will also be provided to companies who carry out some services or functions on behalf of the Service (“data processors”), to other public bodies - such as the police, councils and NHS – and sometimes to non-statutory organisations – such as the Fire and Rescue Indemnity Company (FRIC) and insurance providers.

This is explained in the privacy notices.

Find out more about the data collection requirements placed on us by the Home Office.

How we keep it safe

Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it.

We have an Information Governance Framework that includes a Data Protection Policy and a set of information security policies. These define our commitments and responsibilities to your privacy and cover a range of information and technology security measures.

We provide training to staff that handle personal information and take appropriate measures if they misuse or do not look after your personal information properly.

We will not keep your information longer than it is needed or where the law states how long this should be kept and we will dispose of paper records or delete any electronic personal information securely. For details of how long we retain records for each service, please see the specific privacy notices.

Our privacy notices

Home safety visits

Grey

Why we collect and use this information

Our prevention work is the first step in reducing the risk of having a fire in your home and we do this by offering members of the community a free home safety visit.

Type of data

The categories of personal and special data collected include:

  • the occupant’s contact details (name, address, telephone number, email address and confirmation of whether individuals are over the age of 65 or under the age of 18)
  • the date of birth if we need to make a sensory loss referral
  • information relating to any vulnerability identified during the visit (including relevant health information, such as visual impairment or hearing loss, and relevant lifestyle information).

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

  • UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. We collect personal information to exercise our statutory function under the Fire Services Act 2004 to promote fire safety (Core Function 6 Fire Safety) and the duty to promote the well-being of individuals under the Care Act 2014.
  • UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Information sharing

If we fit a hard-of-hearing smoke alarm in your property; we will ask your consent to share your name, address, and date of birth with the sensory loss teams within Devon, Torbay, and Somerset County Councils.

We work with statutory and non-statutory community partners to ensure members of the community are safe in their homes. Sometimes it is necessary for us to make referrals to our partner organisations to support our prevention work and we are legally obliged to do this under the Fire Services Act 2004 and the Care Act 2014. We do this by completing a safeguarding referral to our internal team.

Following a home safety visit, if we identify that you may benefit from a referral to another agency we will discuss this with you and may refer you on your behalf. In order for us to refer on your behalf, you will need to give consent.

If you have consented to provide feedback on your home safety visit, your personal data will be shared with our Communications team.

Our non-statutory partners make referral requests to us to carry out a home safety visit. We have partnership agreements in place with each of our recognised partners which set out the governance and lawful basis for sharing name and contact details. Our partners will ask for your consent to make a referral when they think you will benefit from a home safety visit from us. Consent for a home safety visit referral must be obtained prior to a partner making a referral into our Prevention team unless there is a significant risk to the individual in relation to a fire, where professional judgment can be applied.

If you have been referred to us for a visit, confirmation that the visit has taken place may be sent to the agency that referred you to us. This is via email and only includes a postal address. 

The categories of partner organisations we work with include:

  • charities and voluntary services
  • care agencies
  • housing associations
  • utility companies
  • Police and Home Office 
  • NHS
  • South West Ambulance Service
  • Social Services
  • local authorities
  • commissioned organisations 
  • private healthcare providers.

How long it’s kept

We normally keep home safety visit information for six years. (However, where we have identified a high safety risk for an individual we will retain the relevant information for as long as it remains current, for example where we have fitted equipment with a 10-year lifespan; even if that is longer than six years).

If you have consented to be contacted for feedback on your home safety visits Devon and Somerset Fire and Rescue’s Communications and Engagement team will retain your personal data for as long as you are happy to keep receiving communications.

You can stop communications at any time by clicking unsubscribe from all emails located at the bottom of every email.

Your rights

See your data, your rights section below.

Response services

Grey

Why we collect and use this information

We respond to emergency calls from members of the public and we need to collect and process personal information about those individuals and others involved in the emergency in order to carry out our services

Type of data

The categories of personal data collected in relation to a call to our control room include:

  • the audio recording of 999 calls
  • victim and caller information (including name, address, gender, telephone number)
  • details of injuries sustained.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller.  We collect this information to enable us to carry out our statutory obligations under the Fire Services Act 2004 but once the incident is closed, we keep incident data for other purposes including:
  • Mandatory reporting of national statistics to the Home Office. This will include personal information but members of our community cannot be identified from published statistics.

Find out more about the data collection requirements placed on us by the Home Office (for example; regarding incidents and prevention work). 

See a copy of the Home Office Incident Recording System (IRS) Privacy Notice

  • Sharing incident information with other fire and rescue services for the purposes of coordinating our emergency response and statistical and planning purposes.
  • Provide evidence for court hearings such as audio recordings of 999 calls depending on the nature of the incident.
  • Analysing our incident data to identify trends and predict areas within our communities that are more likely to experience fire-related emergencies. This does not involve automated decision making and data is depersonalised to carry out this task.
  • UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Information sharing

We share information with the police and ambulance services to help identify and reduce the number of hoax callers.

  • Incident information is held securely on a system hosted by Capita and shared between our fire and rescue service (FRS) partners; Hampshire FRS and Dorset & Wiltshire FRS with whom we work together to ensure a robust emergency mobilising system is in place. For this purpose, we identify ourselves as Joint Data Controllers as we use the same information for the same purposes.
  • In the interest of the public, we also publish details of incidents in our latest incidents news feed on our website and liaise with the local press on incidents of interest. We do not share personal information of the victims involved however persons can be identified due to the location and scale of the incident.
  • If we attend a fire-related incident that is caused by faulty white goods, we will ask your consent to share your details with the manufacturer.

How long it’s kept

We keep incident mobilising data for a period of 10 years as we use it to analyse how best to serve our community. A 10-year incident cycle allows us to identify trends and allocate our resources in the most appropriate way. We record emergency calls and keep the audio for a period of two years but we may keep specific calls for longer depending on the circumstances; such as if it’s needed as evidence for a court hearing.

Your rights

See your data, your rights section below.

Business safety

Grey

Why we collect and use this information

Devon and Somerset Fire and Rescue Services’ fire protection activities include working with local businesses and landlords to ensure fire safety law is understood and followed. Our core activities include fire safety inspection programmes that may lead to enforcement actions where fire safety improvement is required.

We use the data collected to carry out the following tasks:

  • delivery of inspection programmes on local business/commercial premises
  • responding to public concerns about business/commercial premises
  • issuing statutory notices
  • consultation of building regulations
  • consultation on licencing applications
  • promotion of fire safety advice and practices.

In the event of any investigation of fraud, other criminal activity or civil proceedings, the Service may be obliged to disclose personal data to the relevant authorities (such as the police or Crown Prosecution Service) and/or external providers (such as legal representatives).

Any personal information obtained for this process will be either provided by:

  • the individual themselves
  • a member of the public
  • the organisation subject to the fire safety activity
  • the information available in the public domain, or any other legitimate sources, for example, the statutory partners that we work with.

Type of data

In order to carry out these activities, the Service may collect the name and contact details for the following:

  • the responsible person of a business/commercial premises (on behalf of the business/organisation in question)
  • landlord/property owner
  • licensee details held under licencing legislation
  • members of staff, for example, the local store manager
  • personnel that work on behalf of third-party organisations involved in the business fire safety process (such as councils, surveyors, architects, solicitors, law enforcement bodies, contractors and other agencies)
  • members of the public who raise business fire safety concerns or contact us for advice.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1)(e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller.  We collect this information to enable us to carry out our statutory obligations under the Regulatory Reform (Fire Safety) Order 2005 (Fire Safety Order) as an enforcing authority.
  • We are required to provide fire safety prevention activities under Section 6 of the Fire Services Act 2004.

Information sharing

To support businesses and ensure that commercial properties comply with the Fire Safety Order, the Service works directly with other organisations that also support fire safety including councils, surveyors, architects, solicitors, licencing bodies, contractors and law enforcement bodies.

  • As a regulator, we may share information about compliance and risk with other regulators, following the principle of the Regulators’ Code of “collect once, use many times” when requesting information from those we regulate.
  • The Service will share information with other regulators about businesses and other bodies they regulate, to help target resources and activities and minimise duplication.

We have a statutory duty to maintain a register of information concerning the issue of prohibition, alteration and enforcement notices (statutory notices), which must be open to inspection by the public free of charge. We issue these types of notices under the Fire Safety Order. This enforcement register is available on our website. In some cases, individual names of landlords or sole traders will be published.

How long it’s kept

We keep inspection data for a maximum of 10 years.

Where we have issued a statutory notice a record will be kept whilst the notice remains in force and up to a period of 10 years following its disposal.

Statutory notices will remain on our public register until they are satisfactorily complied with and thereafter for three years.

Where we have issued a Simple Caution we will retain a record of it for a period of two years from the date of issue. There will be no public record.

Where we have investigated a breach under the Fire Safety Order, a record will be kept for a period of:

  • ten years after the investigation has concluded where the outcome does not result in taking legal action through the courts, or
  • a period of seven years after the determination by the courts and, if applicable, any custodial sentence has been spent

We will not keep the data we collect for longer than is necessary. For example; if a building has been demolished or the Fire Safety Order no longer applies we will update our records as soon as we are made aware.

Your rights

See your data, your rights section below.

Recruitment

Grey

Why we collect and use this information

As part of any recruitment process, the Service collects and processes personal data relating to job applicants. The Service is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

  • We need to check that we are complying with our legal obligations e.g. checking a successful applicant's eligibility to work in the UK before employment starts.
  • We will process personal data from job applicants and keep records of the recruitment process, allowing us to deliver a service, assess and confirm a candidate's suitability for employment, and decide who to offer a job. We may also need to process data from job applicants to respond and defend against legal claims.
  • We will process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief and to monitor recruitment statistics for equality monitoring purposes. Whilst we may ask for this information, we rely on your consent to provide it.
  • We also collect information about whether applicants are disabled in order to make reasonable adjustments during the recruitment process. We process such information to carry out our obligations and exercise specific rights in relation to employment. 
  • We are obliged to seek information about criminal convictions and offences. This is because it is necessary to carry out our obligations and exercise specific rights in relation to employment and undertake our safeguarding role to protect children and vulnerable adults.
  • We also collect information regarding your entitlement to drive and any current penalty points or disqualifications, if the role you are applying for requires a valid driving licence. This is requested through the Direct Gov driving licence check service and your driving licence check code will only be requested once the intended offer is made. 

Type of data

We collect a range of information about applicants. This includes:

  • your name, address and contact details, including email address and telephone number
  • details of your qualifications, skills, experience and employment history
  • whether you have a disability for which the Service needs to make reasonable adjustments during the recruitment process
  • information to determine your entitlement to work in the UK
  • interview notes and test results collated at selection processes.

We collect this information in various ways, for example from application forms, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment, including online tests.

We may also collect personal data about you from third parties, such as references supplied by former employers and information from criminal records and driving licence checks. We will seek information from third parties only once an offer of employment has been made and you will be informed when this will take place.

Data will be stored in a range of different places, including on your application record, in Human Resources management systems and on other IT systems (including email). We ensure that appropriate security controls are in place to keep personal information safe and are in line with our data protection policy and procedures.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

  • UK GDPR Article 6 (1) (c) - Processing is necessary for compliance with a legal obligation to which the controller is subject.  We collect this information to fulfil our legal obligations under the Equality Act 2010 which protects people from discrimination in the workplace.  Data from successful applicants are further processed because it is necessary for an employment contract.
  • UK GDPR Article 9 (2) (b) - Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment.

Information sharing

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR team, interviewers involved in the recruitment process and managers of the particular vacancy.

If applying for the role of on-call firefighter, your name and email address, and the station you have applied for and your status in the process may be shared with our Recruitment and Retention Officer in order for them to offer you their support and guidance through the recruitment process.

We will not share your data with third parties unless your application for employment is successful and it makes you an offer of employment. If successful, we will share your data with the following:

  • your former employers and personal referees to obtain employment references
  • Devon County Council or Disclosure Scotland to obtain necessary criminal records checks
  • our Occupational Health provider IMASS, to obtain medical clearance
  • Direct Gov to obtain a driving licence check.

For applicants who require permission to work in the UK, we may need to share personal data with legal advisers and the Home Office to make sure we comply with immigration requirements. 

How long it’s kept

If your application for employment is unsuccessful, we will hold your data on file, including interview notes and test results, for 12 months after the end of the relevant recruitment process so we can respond to any queries, provide feedback if you request it and for statistical purposes. Anonymised data will be kept for monitoring purposes.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained for the duration of your employment plus six years thereafter.

Your rights

See your data, your rights section below.

Working with children and young people

Grey

Why we collect and use this information

Our youth work is designed to reduce fire risk and fire crime through education. Our activities include the Fire Setter Intervention Programme and uniformed youth groups, early learning fire safety for early learning practitioners and a school education programme. We have a separate privacy notice on this page for our Fire Setter Intervention Programme.

Uniformed youth group programmes are open to young people between the ages of 12 to 18 years.

Type of data

  • Contact details of the participant (name, address, contact number).
  • Email address for a parent or young person to support virtual sessions where necessary.
  • Date of birth of the participant.
  • Ethnicity.
  • Medical information.
  • Emergency contact details for the participant (parent or guardian).
  • Photographs of scheme participants undertaking activities with due consent from parent/carer/responsible adult.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. The Fire Services Act 2004 requires us to provide fire safety advice and education as part of our Community Safety prevention work.
  • UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to those personal data for one or more specified purposes.  For a child to participate in an education programme, we collect and use personal data with the explicit consent of the parent or carer.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm, to ensure you receive relevant services and drive continuous improvement, we often work with other authorities, agencies and partners including:

  • other fire and rescue services (anonymised data for research purposes)
  • community organisations 
  • youth groups
  • councils
  • police and other emergency services 
  • social services 
  • educational services
  • health services
  • The Home Office (anonymised for statistical reporting) 

If we identify a safeguarding concern during any engagement with the public, we have a legal obligation to work with our statutory partners to safeguard them under the Children and Social Work Act 2017, The Care Act 2014 and Children’s Act 2004.  We will therefore share our concerns with the most appropriate partner. Please see our safeguarding privacy notice for more information.

How long it’s kept

All information is securely stored in line with information assurance security controls and policies. Uniformed youth groups data is securely stored until such time as awards, certificates and pass-outs have been completed.

With the exception of name, date of birth and the unit they attended, together with the start and end dates of their participation. This data is maintained for safeguarding purposes.

Your rights

See your data, your rights section below.

Safeguarding

Grey

Why we collect and use this information

We have a responsibility to safeguard adults and children at risk that we identify through our operations as a fire and rescue service.

Type of data

We hold the following personal information about those individuals for whom either safeguarding or welfare concerns have been raised:

  • name, address, and date of birth of the adult or child
  • names and addresses of a responsible adult (for example, a social worker)
  • information relating to any personal risk to the adult or child
  • relevant characteristics of the adult or child, such as special educational needs, behavioural information, or disabilities.

We use the data to:

  • prevent harm to, and promote the welfare of adults and children at risk
  • record and evaluate our work
  • derive statistics which inform decisions about how we improve safety and support the development of our staff
  • help you contact other services which may benefit you or improve your safety.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1) (c) - Processing is necessary for compliance with a legal obligation to which the controller is subject. The Care Act 2014 and Children’s Act 2004 places a responsibility on organisations to work effectively in partnership to safeguard and promote the welfare of adults and children.
  • UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

Fire and rescue services must have regard to the Fire and Rescue National Framework that sets out priorities, objectives and guidance in connection with the discharge of their functions.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies, and partners including:

  • community organisations
  • council, social and educational services
  • police and other emergency services
  • health services.

If we identify a safeguarding concern as part of our engagement, we have a legal obligation to work with our statutory partners to safeguard adults and children at risk. If we identify a welfare concern as part of our engagement we obtain your consent before sharing any information.

How long it’s kept

All information is stored on a database and is subject to our information security controls and policies.

We will keep safeguarding information for 10 years following the last action we have taken to ensure your personal safety. After this time it will be securely disposed of.

Your rights

See your data, your rights section below.

Firesetters intervention programme

Grey

Why we collect and use this information

We have a legal duty to reduce fire risk and fire crime through education. Our activities include the Firesetter Intervention Programme which has been running since 1995 and is designed to advise children and young people with firesetting behaviour. The aim of the Scheme is to help children and young people understand and control the feelings and circumstances that lead them to set fires.

Type of data

We hold the following personal information about those involved in the programme:

  • name, address and date of birth of the child or young person
  • names and addresses of the responsible adult
  • information relating to the instances of fire setting (such as referral information, assessment information, details of the history of setting fires, dates and details of the interventions that we have carried out)
  • relevant characteristics of the child or young person, such as special educational needs, behavioural information or disabilities.

We use the data to:

  • prevent and reduce fire crime and firesetting by children and young people.
  • record and evaluate our work
  • produce statistics which inform decisions about how we drive continuous improvement
  • help you contact other services which may benefit you or improve your safety
  • deliver and manage safety courses and services for young people.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation. 

  • UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller. The Fire Services Act 2004 requires us to provide fire safety advice and education as part of our Community Safety prevention work.
  • UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to those personal data for one or more specified purposes. For a child to participate in an education programme, we collect and use personal data with the explicit consent of the parent or carer.

Information sharing

We have a responsibility to promote social wellbeing and prevent harm. To ensure you receive relevant services and we improve our own, we often work with other authorities, agencies and partners including:

  • community organisations
  • council social and educational services
  • police and other emergency services
  • health services
  • probation.

If we identify a safeguarding concern during any engagement with the public, we have a legal obligation to work with our statutory partners to safeguard them under the Children and Social Work Act 2017, The Care Act 2014 and Children’s Act 2004.  We will therefore share our concerns with the most appropriate partner.

How long it’s kept

All information is stored on a database and is subject to our information security controls and policies. In most cases, we will keep Firesetter data for ten years following the young person’s 18th birthday, or for 10 years following case closure if over age 18.

Your rights

See your data, your rights section below.

Procurement

Grey

Why we collect and use this information

We are processing your information in relation to our procurement of goods, services, and works so that we can:

  • contact you
  • conduct due diligence on suppliers (for example, financial stability) 
  • administer contracts 
  • purchase goods and services 
  • order items via our purchase order management system 
  • meet government legislation concerning contracts valued at over £25,000.

Type of data

  • Names.
  • Addresses.
  • Dates of birth.
  • Nationality.
  • Telephone number.
  • Email.

Our lawful basis

We process your personal data where it is necessary for managing or entering into a contract with us. Article 6(1) (b) of the General Data Protection Legislation (2018) says:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Information sharing

We will share your information internally with the appropriate stakeholders. Limited details (e.g. supplier name and some contact details) of successful contracts will be published externally on the following.

How long it’s kept

All information is kept for the life of the contract and then archived for a period of seven years in line with our retention policy.

Your rights

See your data, your rights section below.

Collecting and use of personal data for protection, insurance and claims handling

Grey

Why we collect and use personal information

We will collect and hold some of your personal information if: 

  • you make claim against us, or we make a claim against you, which we deal with
  • we make a claim to our protection provider or our insurers which involves you
  • you are a witness to an incident where a claim is made.

We may collect your personal information directly from you or from other people such as your doctor, lawyer or employer.

The types of information we collect and hold

This personal information may include but is not limited to your: 

  • name, address, phone number, and email address
  • age and gender
  • medical information, past and current, including medical records and reports
  • disability information, including medical records and reports
  • employment records 
  • vehicle registration number
  • photograph and/or CCTV/video images of you or your vehicle or property.

Our lawful basis

We carry out the processing of personal data by a public authority in accordance with the UK General Data Protection Regulation. 

  • UK GDPR Article 6 (1) (f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.  We will only use your personal information for one or more of the following reasons:
  • to process a claim
  • to defend or bring legal proceedings
  • to enable us to make a claim against our protection provider or insurers
  • to respond to complaints
  • UK GDPR Article 9 (2) (a) – The data subject has given explicit consent to the processing of those personal data for one or more specified purposes.  We will only use personal information about your health and your medical records if you agree that we can.

Information sharing

We may share appropriate personal information relative to a claim with our protection provider (Fire & Rescue Indemnity Company Limited) and their managers (Regis Mutual Management Limited) and our insurers. We may also share your personal information with other people and organisations in connection with a claim, such as our legal and medical advisers and loss adjusters.

How long it's kept

Your personal information is securely stored at our premises. We keep claims-related documents, which may include your personal information, for seven years from the date of settlement or closure of the claim, or such other statutory period relevant to the age of the claimant and/or the nature of the injury/disease if longer than seven years. When we no longer need to keep your personal information, we will delete it or destroy it securely.

Your rights

You can tell us at any time to stop using your information. You can write to us or email us.  If you do tell us to stop using that personal information, this may affect any claim you may have against us.

See your data, your rights section below.

Using cameras

Grey

Why we collect and use this information

Devon and Somerset Fire and Rescue Service (DSFRS) have installed CCTV on some of our premises for the purposes of monitoring site security, public and staff safety and the prevention and detection of crime.

We use cameras in some of our operational and service owned vehicles for the purpose of staff driver training and for administering insurance claims.

We use drones to enhance and improve firefighter safety and training.

We use body-worn cameras at some incidents for the purpose of improving situational awareness and to record decisions made at incidents.

Type of data

Cameras have the potential to capture a visual reference to the following:

  • gender
  • physical/mental health
  • ethnicity
  • religious/philosophical views.

Our lawful basis

We carry out the processing of images as a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1) (e) - Processing is necessary for the performance of a task carried out in the public interest or in an exercise of an official authority vested in a controller.
  • UK GDPR Article 9 (2) (g) - Processing is necessary for reasons of substantial public interest.

At our premises, we have placed appropriate signs to notify you that CCTV is in operation, their intended purpose and our contact details. In more dynamic situations such as attending incidents, additional signage will be displayed by individual staff operating camera equipment.

Information sharing

Where we receive requests for the footage we have captured, we may disclose information in accordance with the appropriate exemptions to the Data Protection Act 2018 and the codes of practice issued by the Information Commissioner and the Home Office.

How long it’s kept

Images captured by our premises and operational vehicle CCTV will not be kept for longer than 28 days. However, on occasions where there may be a need to keep images for longer, for example where a crime is being investigated, we retain the right to do so. 

Images captured for driver training purposes are kept for 3 years.

Images captured from our operational response support vehicles will be automatically overwritten every 30 days unless specific footage is needed for an insurance claim due to an accident. The footage will be downloaded and retained until the outcome of the accident investigation.

Images captured by drones or body-worn cameras are kept depending on the identified purpose.

  • Training – images are retained indefinitely for use in future training courses where footage identified as adding value.
  • Evidence – images are retained as required for public enquiries, court orders, safety events (fire investigations).
  • Debrief – images are retained for a minimum of 6 months unless identified as being required for the reasons set out above.

Your rights

See your data, your rights section below.

Commercial training courses

Grey

We deliver commercial fire safety training courses in association with commercial trading arm Red One Limited which is a wholly owned subsidiary of the Fire Authority. Red One administers course bookings and will share some of that information with us in order for us to deliver that training.

Type of data

We need to know the following information about a delegate:

  • name and contact details
  • employment details
  • health and medical information that is relevant to the course.

The above information is shared with us by Red One Ltd. For more information about how Red One Ltd process personal information, please view their privacy notice.

Our lawful basis

We carry out the processing of personal data as a public authority in accordance with the UK General Data Protection Regulation.

  • UK GDPR Article 6 (1) (f) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.  We process the above data for the legitimate interest in delivering a training course and carrying out a task in the interest of the public to deliver fire safety skills to members of the public and the business community.

Information sharing

Our commercial safety courses are accredited to a national standard and we work with a number of accrediting bodies. We will share with them a delegate’s course portfolio work which will include their personal information as detailed above and additionally some photographic evidence as appropriate. The awarding bodies that we work with are listed below.

  • Skills 4 Justice.
  • Pearsons BTEC.
  • City & Guilds.
  • Rescue 3 Europe.
  • Maritime Coast Guard Agency.

We will not share your information for any marketing purposes.

How long it’s kept

We will keep course portfolio information for a maximum period of six years and any course booking data for a period of 12 months.

Your rights

See your data, your rights section below.

M365 meetings

Grey

Why we collect and use this information

We use video conference functionality in M365 for holding internal meetings and ways to communicate with staff and external collaboration with 3rd parties, our communities and partner organisations.

Attendance reports are generated for each meeting. We may process additional data about you if the meeting is recorded. General purposes for recording a meeting you are a participant of may include:

  • training and awareness
  • note taking.

If there is an explicit, different reason for recording a meeting, the organiser or chair of the meeting will verbally explain what the purpose is.

Type of data

We hold names and email addresses of attendees at meetings via automated attendance reports. If we record meetings, then additional data about individuals will be processed including:

  • video footage
  • audio from conversations.

The chat function may be used to capture participant questions and other narrative. Content from chat function will be processed in non and recorded meetings.

Our lawful basis

To process this data, we rely on Article 6(1)(f) of the UK GDPR whereby processing is necessary for the purposes of legitimate interests pursued by us as a Data Controller (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subjects involved).

If you do not wish to be recorded, you have the option (where agreed) to mute the camera and microphone, opting to use the chat function to participate as necessary. Participant details will still be captured in the chat function and used for the purposes outlined above.

For different explicit recording purposes, the privacy notice will be given verbally, including clarification if a different lawful basis is being relied upon. If recorded content is likely to include special category data about meeting participants or other individuals, then a 2nd lawful basis from Article 9 of the GDPR will also be given.

Information Sharing

Recordings of the meeting are automatically shared with internal (staff) participants and will be available to view immediately after the meeting has finished. Guests and external attendees can view the recording if it is explicitly shared with them.

Sharing a copy of the recording outside of the purposes listed above and to non-participants, may be considered, and will require demonstrable justification from a lawful basis. If this is legitimate interest, a legitimate interest test will be completed prior to sharing. If it is consent, this must be evidenced from all participants as part of our transparency obligations.

How long its kept

The default retention period for M365 meetings hosted by the Service is three months. This can be overridden on a demonstrably justified basis based on business need. Longer term retention will be managed on the stream application of the M365 platform.

Your rights

See your data, your rights section below.

Further information

Please refer to Microsoft’s Privacy Statement – Microsoft privacy for further information or contact the Service’s Data Protection Officer via informationgovernance@dsfire.gov.uk.
 

Your rights

Under data protection legislation, you have statutory rights relating to your personal data.

  • Access – you have the right to know what data we hold relating to you and why, and to receive a copy of it.
  • Rectification – you have the right to have inaccurate information about you corrected.
  • Objection – you have the right to object to the Service using your information, and we would have to stop unless we have a sound overriding reason to continue.
  • Erasure, restriction and portability – in specific circumstances, you have the right to have your personal data deleted, to put limits on what the Service may do with it or to receive a copy in machine-readable form to take to another organisation.
  • There are also specific legal rights relating to automated decision making but the Service does not have any such processes to support the delivery of its public services.

Read about how these rights apply in the Service.

If you wish to exercise any of your rights, have a query on how personal data is handled within the Service, or want further information, contact our Data Protection Officer.

Sarah Bailey - Data Protection Officer

Devon and Somerset Fire and Rescue Service

The Knowle

Clyst St George

Exeter

EX3 0NW

Email: informationgovernance@dsfire.gov.uk

Phone: 01392 872582

More information on your rights is available on the Data Protection page and on the Information Commissioner's website.

Who to contact if you're not satisfied

In the first instance you can make a complaint to us.

You can complain to or seek advice from the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 01625 545700.

Other formats

Contact our Data Protection Officer if you would like a copy of a privacy notice in a different format.