Subject Access Requests
Update March 2020 - Coronavirus
It is possible that we will take more than one calendar month to supply information for Subject Access Requests.
The Information Commissioner recognises that longer time may be needed when ESFRS staff need to prioritise other work to keep services running during the Coronavirus situation. Thank you for your patience
East Sussex Fire and Rescue Service “hereafter referred to as "ESFRS" is committed to protecting your personal data when you use our services. This privacy notice explains how the Service uses information about you and how we protect your privacy. The processing of personal data is governed by the General Data Protection Regulation 2016 (the "GDPR").
The data we may collect about you
To deliver our services effectively, we may need to collect and process personal data about you. Personal data refers to any information with which a living individual can be identified. Individual identification can be by the information alone or in conjunction with other information in the possession of the ‘The Authority’.
Types of personal data
- Individual details : Name, address, other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment and training history, family details including their relationship to you, it can be any combination of the data above that can identify a living individual
- Special categories of personal data: Certain categories of personal data have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric or data concerning sex life or sexual orientation.
Why we collect your personal information
We process personal information to enable us to undertake prevention, protection and emergency services to the communities that we serve. Personal data can be collected particularly for firefighting and emergency services which includes managing responses to fire, incidents and traffic accidents, maintaining our own records and accounts including the management of fire service assets. To summarise the reasons why we collect personal data include:
- managing responses to fire
- incidents and traffic accidents;
- Fire Prevention, (awareness, advice and guidance),
- Fire investigation
- Carrying out home safety visits for employment and staff training purposes
- Checking the quality and effectiveness of our services
- Investigating any concerns or complaints about our services
- Research and planning of new services
- Emergency contact information
- Agreements you may have with the fire and rescue service
We also process personal information using a CCTV system to monitor and collect visual images for the purpose of security and the prevention and detection of crime.
ESFRS as part of the national framework and are required to forward statistical information to government agencies but this data has no personal or identifiable individual data within the information provided.
Where might we collect your personal data from?
- Your family members, employer or representative
- Other public bodies such as the police, ambulance service, local councils and the NHS
- Other organisations such as companies who you have given permission to share your information for security or key holding purposes
Legal basis for processing your personal data.
- We have the right to process your personal data if at least one of the following applies:
- Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire and Rescue Services Act 2004.
- Explicit consent is required for carrying out incidental activities that help us in carrying out our public duty of improving, protecting and saving lives.
- Processing is necessary for collaborating with public organisations such as the police and ambulance service in undertaking public safety functions.
- For recruitment, employment, social security purposes or a collective agreement.
- Processing is carried out by a non-profit body with a political, philosophical, religious or trade union aim provided:
- the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and
- There is no disclosure to a third party without consent.
How do we keep your information secure?
We are committed to ensuring that your personal data is safe. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information that we hold about you. These include:
- Secure work areas
- Information security awareness for our staff
- Access controls on all systems
- Encryption of personal data
- Testing, assessing and evaluating the effectiveness of technical security controls
Who will we share your personal information with?
We may engage the services of commercial companies to store and manage your information on our behalf. Where we have these arrangements, there is always a contract, memorandum of understanding or an information sharing agreement in place to ensure that the requirements of the GDPR on handling personal data are met. We may share your personal information with third parties that are commissioned to train our staff or volunteers.
Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the police, the NHS or social services. We may also share your personal information when there is a justifiable public safety and security reason. Examples are:
- For the investigation, detection and prevention of crime or if we are required to do so by law.
- Helping the police and relevant authorities to identify trends and issues relating to fires.
- If there are serious risks to the public, our staff or other professionals.
- To protect children or vulnerable adults.
Where necessary or legally required we share information with:
- family, associates and representatives of the person whose personal data we are processing
- current, past or prospective employers
- suppliers and service provider
- public utilities
- insurance companies
- legal advisers
- healthcare and welfare organisations
- persons making an enquiry or complaint
- police forces
- security organisations
- local and central government
- press and the media
- law enforcement and prosecuting authorities
- public utilities
- insurance companies
- educational establishments
- financial organisations
- educators and examining bodies
- trade unions and staff associations
- credit reference agencies
- debt collection and tracing agencies
- Coroner’s Office
Information Sharing Agreement
- Clients of Adult Social Care (ASC) will be asked to give their consent or otherwise to their information being provided to East Sussex Fire and Rescue Service (ESFRS) in order that they can be contacted by ESFRS to be offered a free home safety visit.
- However, in order to safeguard those clients who have neither consented nor withheld their consent to their information being shared for this purpose, there is an agreement in place with ESFRS that information on known clients will be passed over by ASC in order that these clients can be contacted by ESFRS to be offered a free home fire safety visit.
- No sensitive personal information is passed onto ESFRS by ASC. This information sharing agreement aims to increase the number of clients taking up the offer of a home safety visit, and subsequently reduce the number of fire related injuries or deaths within East Sussex’.
How can you access the information we hold about you?
You have the right to request all the information we hold about you when we receive a request from you in writing this we will refer to a subject access request.
- We would normally give you access to everything we have recorded about you.
- We will respond to your request within a calendar month, initially by requesting evidence of who you say you are is verified.
- Once confirmed we will provide either all the information or advice you that the information one has requested may take longer (for this purpose we can request a further two months to comply.
- Once the data is ready we will confirm the secure way for access.
This applies to paper and electronic records. However, we will not share any parts of your details which contain:
- Confidential information about other people or
- If it is in the interest of public safety and security to withhold that information from you.
Your rights and your personal data
Subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the "ESFRS" holds about you;
- The right to request that the "ESFRS” corrects any personal information if it is found to be inaccurate or out of date;
- The right to erasure of your personal data where it is no longer necessary for the "ESFRS” to retain such data;
- The right to withdraw consent to the processing of your data at any time;
- The right to request that the "ESFRS" to transmit your data another organisation where applicable.
- Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction is placed on further processing;
- The right to object to the processing of personal data where applicable. However, as the "ESFRS" will mainly be processing data based on the performance of a statutory duty in the public interest, there are limits to this right.
- The right to lodge a complaint with the Information Commissioners Office.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
- Reference Subject Access Requests: If you are a data subject who has not or is not employed by East Sussex Fire & Rescue Service initially contact East Sussex Fire and Rescue Service Community Fire Safety team on 01323 462000
- for current or ex-employees of East Sussex Fire & Rescue Service contact Human Resources by email to firstname.lastname@example.org
Any complaints will be addressed by the ESFRS Senior Risk Information Officer, and could be escalated to the Chief Fire Officer however if you do not get appropriate response to your query/complaint you can contact the Information Commissioners Office at ico.org.uk, Tel: 0303 123 1113 or via email email@example.com, https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
There are two ways in which we collect private information via our website:
- Online and downloadable forms
There are a number of forms on our website:
- Online forms
- Downloadable forms
These forms allow users to contact us without the need for email. Our website is secured and the information sent via an online form is encrypted and stored in the website's database. The information is sent to the relevant department and the database is cleared daily.
Home Safety Visit form
This form is used to ask for a free home safety visit and needs more personal information, including address details.
This information is kept by us for as long as it is needed. When we no longer need it we send it to the East Sussex Record Office. After ten years it is destroyed confidentially.
For as long as we keep this information we use it only for the purpose of administering home safety visits.
You may ask to have your personal details removed by contacting:
- Community Safety Team
- East Sussex Fire & Rescue Service
- Eastbourne Community Fire Station
- Whitley Road
- East Sussex
- BN22 8LA
Cookies for online users
To make this site simpler, we sometimes place small data files on your computer. These are known as cookies. They improve things by:
- Remembering settings, so you do not have to keep re-entering them whenever you visit a new page
- Remembering information you have given so you do not need to keep remembering it
- Measuring how you use the website so we can make sure it meets your needs
By using our website, you agree that we can place these types of cookies on your device. Cookies are not used to identify you personally. They are just here to make the site work better for you. You can manage and/or delete these small files as you wish.
The Information Commissioner's Office (ICO) provides help and advice on this and suggests another website, www.allaboutCookies.org which has more information about Cookies, how they are used and how they can be managed.
There is a lot of information available but it all boils down to:
Cookies are not:
- Used for intrusive spying
However Cookies are:
- Simple text files - anyone can view their contents using a text editor or word processor
- Designed to make using websites easier
So how do Cookies work?
Then, whenever you visit that website your computer will check to see if it has any of its Cookies. If it does, the Cookie's information is sent back to the website.
The website then 'knows' that you have been there before and 'remembers' how you like to use it.
(You will notice this in action if you visit a website that displays something like "Hello XXXXXX, welcome back".)
Cookies are used in a huge number of ways but generally they might record:
- How long you spend on each page on a site
- The links you click
- Your preferences for page layouts and colour schemes
They are often used for online shopping and most shopping websites would be much more difficult to use without Cookies.
If you choose not to allow Cookies some websites will not look so good or work so well. You may find that menus stop working and that you can't easily move around the site.
You should have no worries about security when using Cookies as there is no personal information stored in them.
You can block the use of all Cookies and then allow their use for websites that you select.
Each browser goes about this slightly differently and you should check out your browser's options.
To find out more about Cookies, including how to see what Cookies have been set and how to manage and delete them, visit www.allaboutCookies.org
Please note that we are unable to give advice on the use of browser specific settings.
The following table contains information about all of the Cookies that might be in use by this website.
The actual Cookies in use at any given time will depend on the features that are currently in use. For example this site does not use the eShop feature.
|Feature ||Cookie Name |
| Purpose ||What will happen if you disable Cookies on this site? ||Does the Cookie Persist? |
|Is the cookie essential? |
| Session || |
As visitors browse and interact with the web site, activity such as completing a form is recorded on the web server and this token allows us to refer to the user session data on the server between pages.
More information: http://support.microsoft.com/kb/899918
| No loss of function but there will be a very minor delay before each page load as authentication would be triggered for every page visited whereas the cookie instantly confirms visitors as anonymous || |
| Yes |
| AccessKeys || |
Stores shortcut key preferences between visits
Personal Access Key shortcuts will not be remembered between visits
| Yes || No |
| Buildportal || PortalModuleUserId || |
Stores portal state for non-logged in users so that if they visit again, portal preferences including portlet positions are remembered.
BuildPortal will reset upon each visit for non-logged in users, for logged in users, their preferences are stored in the database
| Yes || No |
| AllowEasysiteCookies || |
Stores the consent status of the current user for cookies, only set if they consent
Site will prompt for Cookie Consent upon each visit
| Yes || No |
Stores the selection state of the decision tree between visits to the page
The Decision Tree state will reset between visits to the page
| Yes || No |
eShop Order ID
| OrderID || |
Stores order reference for users before they login
Non-logged in users cannot add items to their basket
| No || Yes |
| Interstitials || |
Stores whether an interstitial has been viewed / closed so it doesn’t reappear for the current user
Interstitials will persist for the current user for those pages that convey them, such as language preference
| Yes || No |
| Locales || |
Stores the locale (language) preference of the current user if they are not logged in
From v6.5+ there will be no loss of function as locales are maintained through the URL path
| Yes || No |
Stores authentication token between visits so users don’t have to login on each visit
Users who wish to access restricted content or services will need to login upon each visit to the site
| Yes || No |
| mobileredirect || |
Stores mobile device users’ preference for either the web or mobile site
Users will be asked upon each visit whether they would prefer to visit the web or mobile optimised site
| Yes || No |
| Polling || EasysiteUserHasVoted || |
Stores whether the current user has already voted in the poll, preventing multiple voting
Single users will be able to vote multiple times in online polls
| Yes || No |
| ActiveTab || |
Stores the ID of the Active Tab as selected by the user
Held tab states will be lost between visits to the page
| No || Yes |
Cookie information for this website
Stores tracking code for donations, part of eShop
Donations may not be attributable to specific fundraising campaigns
| No || Yes |
Cookies set by other websites
Google Analytics is a powerful tool, used on thousands of websites. It allows us to see what information people are viewing on our website.
One of the key benefits for a public organisation like East Sussex Fire & Rescue Service is that it is a free service. This plays a small part in helping us keep our costs, and your council tax bill, down.
If you want to opt out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout
You will find a number of YouTube videos embedded across our website.
To do this we use YouTube's privacy-enhanced mode which may set Cookies on your computer when you click on a YouTube video.
However, YouTube will not store personally-identifiable Cookie information for playbacks of embedded videos.
Read Google maps Privacy notice for more information
How long do we keep your personal data for?
We only keep your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data – and whether we can achieve those purposes through other means – and the applicable legal requirements.