Committed to protecting your personal information
Scottish Fire and Rescue Service (SFRS) is committed to protecting your personal information. This privacy notice explains how we use your information and how we protect your privacy. The processing of personal data is covered by the General Data Protection Regulation and Data Protection Act 2018.
We are a Data Controller for personal data. Our details are registered with the Information Commissioner’s Office (ICO) and our register number is Z3555625. The ICO’s register can be viewed online at ico.org.uk.
Why do we collect your personal information?
We use personal information about members of the public, businesses, and organisations to provide fire prevention, fire protection and emergency services to the communities that we serve. We also collect and use personal information of our own staff.
- Firefighting, responding to road traffic accidents and other emergency
- Carrying out home safety visits
- Fire investigations at homes, business and public areas
- Fire prevention awareness, advice and assistance
- Business fire safety advice and inspections
- Regulatory, licensing and enforcement actions for business fire safety
- Improving community safety
- Reducing arson
- Checking the quality and effectiveness of our services
- Maintaining our own records and accounts
- To check our services, meet legal duties, including for diversity and equality
- Where you have agreed for asking your opinions about our services;
- Supporting and managing our staff
- CCTV on our buildings and vehicles for the prevention and detection of
- Investigating complaints about our services
- Recruitment and Selection (including psychometric testing)
- Recognition and awards
What are our legal reasons for using your personal data?
All the reasons we use your personal data meet at least one of the following legal reasons:
- To carry out our public duties of a Fire and Rescue Service from the Fire
(Scotland) Act 2005
- To work with other public organisations such as the police, ambulance
service and local councils for public safety
- For the investigation, detection, and prevention of crime or if we are required
to do so by law
- To protect someone from danger from themselves or others. This could be
danger to you, people around you, our staff, or staff in other services like the
Police or Ambulance Service
- Explicit consent for activities that help us in carrying out our public power of
improving general community safety
- For staff recruitment, employment, or social security reasons
The data we may collect about you
To deliver our services effectively, we may need to collect and process personal data
about you. Personal data refers to any information about a living individual who can
be identified. We will never use your data for third party marketing.
We collect data using:
- Online forms
- Telephone calls
- Personal contact including visits
- Letters and paper forms
- CCTV footage
We collect and use different kinds of information, including:
For taking 999 calls and responding to an emergency:
- Incident details, including location
- What services have been provided
- Recording of 999 calls
- Type of household, e.g. single occupant, children
- Information about buildings which might affect how we respond to an
emergency, for example, stored flammable goods
For advising on fire risks at home:
- Personal details, for example, name, age, address
- Contact information
- Physical or mental health details
- Lifestyle and social circumstances relating to fire risk or other high risks
- Opinions and decisions on fire safety
- What services have been provided
To identify community fire risks:
- Locations of fire related incidents
- Addresses of fire related risks, e.g. high-risk occupiers, use of home oxygen, threats of arson
For business fire safety advice and enforcement action:
- Contact information
- Licenses, certificates held
- Opinions and decisions on fire safety
To check our services meet legal duties, including for diversity and equality of
- Age group
- Gender identity
- Racial or ethnic origin
- Religious or other beliefs
How do we protect your information?
We are committed to keeping your personal data safe. We have physical, electronic and organisation procedures to protect and safely use the information that we hold about you. These include:
- Secure work areas
- Information security training for our staff
- Access controls on information systems
- Encryption of personal data
- Testing and checking security controls
- Checking privacy when we change how we use or store personal information
- Written contracts with any companies we use for storing information
Where we use more sensitive data, like health information, we protect this information with extra controls.
We use anonymised data wherever we can so individuals cannot be identified.
Who might we get your personal information from?
- Your family members, employer or representative
- Your landlord
- Other public bodies, such as the police, ambulance service, local councils and the NHS
- Charities and support services who you have given permission to share your information for fire safety reasons
- Other organisations such as companies who you have given permission to share your information for security or key holding purposes
Who do we share your personal information with?
Sometimes, we share personal information about you with others. These organisations include but are not limited to:
- Other blue light emergency services, for example, police and ambulance, so we can respond to incidents
- Public utilities, for example, to cut off a gas supply in an emergency
- Local councils if we have serious concerns about your wider safety that a local council can help with
- Welfare organisations if you agree to your information being shared
- Government, for example, anonymised information about our activities used for national fire statistics
- Courts and law enforcement, prosecuting authorities, solicitors
- Insurance companies and loss adjusters where they are authorised to act on your behalf following an incident at your property
Information will only be shared when it is strictly necessary to help us meet a legal duty, you agree, or it is fair to share under another data protection reason. You may have the right to refuse.
We may use commercial companies to store and manage your information on our behalf. Where we do this, there is always a contract to ensure that the requirements of the GDPR on handling personal data are met.
How long do we keep your information?
We only keep your information for as long as we need it. This is to meet our legal responsibilities and best practice reasons. For example, we keep finance information for seven years, we keep unsuccessful recruitment information for six months and we keep 999 call recordings for three years unless we need them longer for criminal investigations. This information is all recorded on our SFRS Records Retention Schedule. Further information on retention is available by contacting SFRS.GDPR@firescotland.gov.uk.
Your information rights
In general, you have the right to request that SFRS:
- Provide a copy of your personal information
- Correct any errors in your personal information and restrict processing until completed
- Object to the processing depending on the service and legal basis
- Erase personal information depending on the service and legal basis
- Withdraw consent and have your data deleted if consent is the legal basis for the service
- To be informed of automated decision-making including profiling for the service
Where possible, we will try to meet your request, but we may need to hold, retain, or process information to comply with a legal duty.
If you want a copy of or a description of the personal data, we hold that relates to you, please ask in writing, by letter or email. You can use our Subject Access Request form. Please be as specific as possible about the information you want.
We will reply with your information within one month of receipt or from the day on which we have the necessary information to confirm your identity. There are some lawful restrictions on information we send you, for example, other people’s personal information.
You may be entitled to correction, restriction, objection, and erasure of your personal information depending on the service and legal basis.
Please send your request:
Subject Access Request, Information Governance via Corporate Admin
Scottish Fire and Rescue Service Headquarters
How to complain
If you want to complain about your personal information rights, please contact the Information Governance Manager:
Carol Wade, Information Governance Manager / Data Protection Officer
Scottish Fire and Rescue Service
If you are not happy with how we deal with your personal information complaint, you can complain to the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website: ico.org.uk or their helpline on 0303 123 1113 or in writing to:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Cookies for online users
The SFRS website does not automatically capture or store personal information, other than logging the user's IP address and session information, such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics which the SFRS uses to evaluate use of the site.
This privacy statement covers the SFRS at firescotland.gov.uk only. Links within this site to other websites are not covered by this policy.
More details about cookies on this website can be found on our cookies policy page.
Keeping this privacy notice up to date
We will continually review and update this privacy notice to reflect changes in our services and feedback from service users as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice.