Privacy policy

Scottish Fire and Rescue Service (SFRS) is committed to protecting your personal information. This privacy notice explains how we use your information and how we protect your privacy. The processing of personal data is covered by the General Data Protection Regulation and Data Protection Act 2018.

We are a Data Controller for personal data. Our details are registered with the Information Commissioner’s Office (ICO) and our register number is Z3555625. The ICO’s register can be viewed online at ico.org.uk.

We use personal information about members of the public, businesses, and organisations to provide fire prevention, fire protection and emergency services to the communities that we serve. We also collect and use personal information of our own staff.

• Firefighting, responding to road traffic accidents and other emergency
  situations;
• Carrying out home safety visits;
• Fire investigations at homes, business and public areas;
• Fire prevention awareness, advice and assistance;
• Business fire safety advice and inspections;
• Regulatory, licensing and enforcement actions for business fire safety;
• Improving community safety;
• Reducing arson;
• Checking the quality and effectiveness of our services;
• Maintaining our own records and accounts;
• To check our services, meet legal duties, including for diversity and equality
  of opportunity;
• Where you have agreed for asking your opinions about our services;
• Supporting and managing our staff;
• CCTV on our buildings and vehicles for the prevention and detection of
  crime;
• Investigating complaints about our services;
• Recruitment and Selection (including psychometric testing);
• Recognition and awards.

All the reasons we use your personal data meet at least one of the following legal
reasons:

• To carry out our public duties of a Fire and Rescue Service from the Fire
  (Scotland) Act 2005;
• To work with other public organisations such as the police, ambulance
  service and local councils for public safety;
• For the investigation, detection, and prevention of crime or if we are required
  to do so by law;
• To protect someone from danger from themselves or others. This could be
  danger to you, people around you, our staff, or staff in other services like the
  Police or Ambulance Service;
• Explicit consent for activities that help us in carrying out our public power of
  improving general community safety;
• For staff recruitment, employment, or social security reasons.

To deliver our services effectively, we may need to collect and process personal data
about you. Personal data refers to any information about a living individual who can
be identified. We will never use your data for third party marketing.
We collect data using:

• Online forms;
• Telephone calls;
• Personal contact including visits;
• Letters and paper forms;
• Emails;
• CCTV footage.

We collect and use different kinds of information, including:

For taking 999 calls and responding to an emergency:

• Incident details, including location;
• What services have been provided;
• Recording of 999 calls;
• Type of household, e.g. single occupant, children;
• Information about buildings which might affect how we respond to an
  emergency, for example, stored flammable goods.

For advising on fire risks at home:

• Personal details, for example, name, age, address;
• Contact information;
• Physical or mental health details;
• Lifestyle and social circumstances relating to fire risk or other high risks;
• Opinions and decisions on fire safety;
• What services have been provided.

To identify community fire risks:

• Locations of fire related incidents;
• Addresses of fire related risks, e.g. high-risk occupiers, use of home oxygen,
  threats of arson.

For business fire safety advice and enforcement action:

• Contact information;
• Licenses, certificates held;
• Opinions and decisions on fire safety.

To check our services meet legal duties, including for diversity and equality of
opportunity:

• Age group;
• Gender identity;
• Disability;
• Racial or ethnic origin;
• Religious or other beliefs.

We are committed to keeping your personal data safe. We have physical, electronic
and organisation procedures to protect and safely use the information that we hold
about you. These include:

• Secure work areas;
• Information security training for our staff;
• Access controls on information systems;
• Encryption of personal data;
• Testing and checking security controls;
  SPPC/IG/PrivacyNotice/Website
• Checking privacy when we change how we use or store personal
  information;
• Written contracts with any companies we use for storing information.

Where we use more sensitive data, like health information, we protect this
information with extra controls.

We use anonymised data wherever we can so individuals can’t be identified

• You;
• Your family members, employer or representative;
• Your landlord;
• Other public bodies, such as the police, ambulance service, local councils
  and the NHS;
• Charities and support services who you have given permission to share your
  information for fire safety reasons;
• Other organisations such as companies who you have given permission to
  share your information for security or key holding purposes.

Sometimes, we share personal information about you with others. These
organisations include but are not limited to:

• Other blue light emergency services, for example, police and ambulance, so
  we can respond to incidents;
• Public utilities, for example, to cut off a gas supply in an emergency;
• Local councils if we have serious concerns about your wider safety that a
  local council can help with;
• Welfare organisations if you agree to your information being shared;
• Government, for example, anonymised information about our activities used
  for national fire statistics;
• Courts and law enforcement, prosecuting authorities, solicitors;
• Insurance companies and loss adjusters where they are authorised to act on
  your behalf following an incident at your property.

Information will only be shared when it is strictly necessary to help us meet a legal
duty, you agree or it’s fair to share under another data protection reason. You may
have the right to refuse.

We may use commercial companies to store and manage your information on our
behalf. Where we do this, there is always a contract to ensure that the requirements
of the GDPR on handling personal data are met.

We only keep your information for as long as we need it. This is to meet our legal responsibilities and best practice reasons. For example, we keep finance information for seven years, we keep unsuccessful recruitment information for six months and we keep 999 call recordings for three years unless we need them longer for criminal investigations. This information is all recorded on our SFRS Records Retention Schedule. Further information on retention is available by contacting SFRS.GDPR@firescotland.gov.uk.

In general, you have the right to request that SFRS:

• Provide a copy of your personal information;
• Correct any errors in your personal information and restrict processing until
  completed;
• Object to the processing depending on the service and legal basis;
• Erase personal information depending on the service and legal basis;
• Withdraw consent and have your data deleted if consent is used as the legal
  basis for the service;
• To be informed of automated decision-making including profiling for the
  service.

Where possible, we will try to meet your request, but we may need to hold, retain, or
process information to comply with a legal duty.

If you want a copy of or a description of the personal data, we hold that relates to
you, please ask in writing, by letter or email. Please be as specific as possible about
the information you want. You can read our Data Protection guide on our website for
further details.

We will reply with your information within one month of receipt or from the day on
which we have the necessary information to confirm your identity. There are some
lawful restrictions on information we send you, for example, other people’s personal
information.

You may be entitled to correction, restriction, objection, and erasure of your personal
information depending on the service and legal basis.

Please send your request:

If you want to complain about your personal information rights, please contact the Information Governance Manager:

If you are not happy with how we deal with your personal information complaint, you can complain to the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website: https://ico.org.uk or their helpline on 0303 123 1113 or in writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

The SFRS website does not automatically capture or store personal information, other than logging the user's IP address and session information, such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics which the SFRS uses to evaluate use of the site.

This privacy statement covers the SFRS at firescotland.gov.uk only. Links within this site to other websites are not covered by this policy.

More details about cookies on this website can be found on our cookies policy page. 

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice.