Last updated: June 2022
Scottish Fire and Rescue Service (SFRS) is committed to protecting your personal information. The processing of personal data is covered by the General Data Protection Regulation 2018 and Data Protection Act 2018.
This privacy notice explains the information SFRS (“we”) are collecting about you, why we have collected it and how it will be used.
Process owner: Public Involvement and Consultations – Service Development
This notice relates to the following categories of data subject:
Interested individuals / groups / organisations
Why are we collecting your information?
The purpose for processing stakeholder contact details is to increase our reach in preparedness for all future SFRS projects and consultations and enable us to communicate and engage effectively.
We are aiming to create a stakeholders’ register that provides a consistent and efficient management of stakeholders’ contact details to improve external communication and engagement processes in the SFRS.
In terms of any forthcoming consultations, there would be a brief overview of the consultation: topic, purpose, process and timeline; a proposed mechanism is to have a facility on our website inviting interested parties to sign up to receive updates on consultations and any major projects requiring stakeholder involvement.
This benefits us by taking steps to consult as widely as possible and developing meaningful stakeholder involvement in the shaping SFRS while ensuring the fairness and legality of any consultation.
Outcome for you is to be kept informed of any subject/project where you have expressed a particular interest and where you want to contribute to shaping its progress.
How we collect the information about you?
Data will be collected via our website from your input. You will be added to our Stakeholders’ Register and be contacted with progress/updates and to participate in potential consultations with an option to unsubscribe at any time.
What information is being collected by us?
- Email address;
- Organisation/Group (if applicable);
- Job Title/Role (if applicable).
Legal basis for the processing
Before we process your data, we need a legal basis for doing so.
This is covered under the Data Protection Laws below:
- the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes – Art. 6(1)(a)
How the information will be used and where it will be stored
Who we share your information with?
Only our Public Involvement and Consultation team members are involved in creating the register and have access to your data.
There are occasions where your personal data can be shared without us asking you: if we have a legal duty or power to share information with other statutory bodies, when the public good is considered to be of greater importance than personal confidentiality and where your safety or the safety of others is at risk. Decisions will be made on a case-by-case basis.
How long will we hold your information for?
Your data will be held in the register for as long as it is required. Every two years, an audit of all data will be undertaken to ensure your consent is still valid, check the accuracy of the data and to ensure we are not keeping any personal data longer than necessary. You have the option to unsubscribe from our register at any time.
The information we have collected will not be used to make any automated decisions about you.
Requesting access to your personal data and your rights
Under data protection legislation, you have many rights regarding your personal data. You have the right to:
- be informed of how we will process it;
- request a copy of what we hold about you;
- have it deleted (where we do not have a legal requirement to retain it);
- have it rectified, restricted;
- object to us using it;
- data portability (in certain circumstances).
Where we are processing data based on your consent, you have the right to withdraw that consent by unsubscribing at any time.
To act on any of the above rights or if you have any concerns about how we are using your personal information, please contact the Information Governance Manager (contact details below).
However, if you are unhappy with the way we have processed your information or how we have responded to your request to exercise any of your rights in relation to your data, you can raise your concerns direct with the Information Commissioner’s Office, Tel. No. 0303 123 1113 or in writing to:
Information Commissioner’s Office
For more information about your rights: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. To complain to the Information Commissioner’s Office: https://ico.org.uk/concerns/.
We are a Data Controller for personal data. Our details have been registered with the Information Commissioner’s Office (ICO) and our register number is Z3555625. The ICO’s register can be viewed online at http://ico.org.uk.
If you would like to discuss anything in this privacy notice, please contact:
Carol Wade, Information Governance Manager/Data Protection Officer.
Review date: June 2024
Audit date: May 2023