Your browser is unsupported and may have security vulnerabilities! Upgrade to a newer browser to experience this site in all it's glory.
Skip to main content
  • About Us
  • Your Safety
  • Careers
  • Newsroom
  • Your Local Area
  • Contact Us

This section provides information about the laws that tell us how to use personal information. It also explains how Humberside Fire & Rescue Service works to follow those laws and what you can do if you are unhappy, or something goes wrong.

What is personal and special category data?

Personal data is information about living people that can be used to identify that person, for example, your name, date of birth, identification number, address and e-mail address.

Special category data, sometimes called sensitive data is information which can tell someone something about you, for example your racial or ethnic origin, your religious beliefs or political opinion, membership of a trade union, genetic data, biometric data, sex life and sexual orientation.  

Why does data protection matter?

All organisations have a legal responsibility to make sure they protect any personal data they hold and do not use it in the wrong way.

The two laws that organisations must follow are the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). The GDPR was a regulation which came into force on 25 May 2018 and all countries that were part of the European Union (EU) had to follow, including the UK.

After the UK left the EU, the GDPR is still something that we have to follow, but in a new version known as the UK GDPR.

Read more about the UK GDPR and the Data Protection Act 2018.

Humberside Fire & Rescue Service has a data protection policy to make sure our staff understand what they must do to follow data protection legislation.

What does legislation require HFRS to do?

The UK GDPR includes 6 core principles which tell us how personal data should be used. HFRS must only use personal data in the ways that these principles tell us. We are required to be able to prove that we are following them.

Lawfulness, fairness and transparency

·        Lawful - we must have a specific lawful reason for processing the personal data.

·        Fair - the processing must be fair, ie. used in a way people would reasonably expect and not in a way that might negatively affect them.

·        Transparent - we have to be clear, open and honest about how and why we are using the personal data 

Purpose limitation

We must only collect personal data for specific, clear and valid purpose. We must not use it in any other way that is not compatible with that purpose. However, we may carry out further processing to archive information in a way that will benefit the public, scientific or historical research purposes, or statistical purposes. This is because they are considered compatible with the purpose it was first processed for.

Data minimisation

The personal data must be enough, relevant and limited to what is needed for the purpose it is first processed for.

Accuracy

The personal data we use must be correct and, where needed, kept up to date.

Storage limitation

The personal data must only be kept, in a form that allows individuals to be identified. It must be kept for no longer than is needed for the purpose it was originally collected.

Integrity and confidentiality

Personal data must be kept secure and protected against people accessing it that aren’t allowed to. It must also be protected against being lost, destroyed or damaged.

The Data Protection Act 2018 states that all businesses and organisations that process personal data must register with the Information Commissioners Office (ICO) unless they are exempt.

HFRS is registered with the ICO, our registration number is Z5461052 

Who can I contact for further information?

Humberside Fire & Rescue Service have a Data Protection Officer (DPO). They are responsible for keeping track of how well we follow the law. They keep us updated and provide advice on how we can carry out our data protection responsibilities. They also give advice on Data Protection Impact Assessments (DPIAs).

The day-to-day management of the Service’s data protection responsibilities is carried out by our Information Governance Team.

To make sure our staff understand the role they play in making sure we follow data protection law, we provide training to all staff.  This is supported by several policies and procedures related to data protection.

You can contact the DPO or our Information Governance Team by:

Email: dataprotection@humbersidefire.gov.uk

Tel: (01482) 565333 

How does HFRS identify privacy risks?

The Service has procedures in place to make sure privacy and data protection issues are considered. They must be considered at the very start of any new project, initiative or procurement or, where we plan to change the way do something.  We make sure people’s personal information is going to be handled with privacy in mind and in line with the law.  This process is often called privacy by design.

To do this, the Service completes Data Protection Impact Assessments (DPIAs). This is a way to identify any risks to personal information.  Every DPIA includes a record of the actions we have taken to remove the identified risks or, reduce their impact to the lowest level possible.

The table below provides details of all the Stage 2 DPIAs completed.

What is a personal data breach?

A personal data breach is a breach of security leading to personal data being destroyed, lost, changed. It can also lead to people being able to access the data who are not allowed to either by accident or on purpose.

Personal data is data about living identifiable individuals.

If something does go wrong, the Service has processes and procedures in place to make sure we can deal with it effectively and efficiently.

What can I do if I think something has gone wrong?

If you think something has gone wrong or you think there may have been a data protection breach, you should contact the Information Governance Team:

Email: databreach@humbersidefire.gov.uk

Tel: (01482) 565333

If it is appropriate, the Service will notify the Information Commissioners Office (ICO) (external website)

What can I do if I'm not happy with how the Service has used my information?

The first thing to do is contact the Information Governance Team so we can look into your concern:

Email: dataprotection@humbersidefire.gov.uk

Tel: (01482) 565333

If, following our response, you are still unhappy, you can raise your concern with the ICO.

It is for the ICO to uphold your rights and to take action to make sure we meet our legal responsibilities.  Action taken by the ICO can include financial penalties, enforcement notices, reprimands and other actions, including criminal prosecutions.

For more information about the role of the ICO:

The Information Commissioners Office (ICO) (external website)

ICO address:

Wycliff House

Water Lane

Wilmslow

Cheshire

SK9 5AF

ICO helpline: 0303 123 1113 or (01625) 545745

Our Data Protection Impact Assessments