Staffordshire Resilience Forum Privacy Notice
(how we* use your information in the preparation for incidents and during incidents)
* “we” primarily referring to local authorities, emergency services & health trusts
Why do we collect your personal information?
Organisations that are classified as Category 1 Responders have a legal duty to under the Civil Contingencies Act (2004) to maintain plans (and arrangements) to ensure that in an emergency, they can perform their functions so far as necessary or desirable for the purpose of preventing the emergency, reducing or mitigating its effects or taking other action in connection with it. If you are involved in an incident or emergency, responders will collect and process information relating to you in order to protect your vital interests and provide for your welfare.
Category 1 (and 2) Responders also have a legal duty to share information with one another and to co-operate with each other. For further guidance on who Category 1 and 2 Responders are, please see https://www.gov.uk/guidance/preparation-and-planning-for-emergencies-responsibilities-of-responder-agencies-and-others.
What do we collect and how do we use your personal information?
As part of the work we do within the Staffordshire Resilience Forum (SRF), we may collect information from you, either day-to-day or during an incident.
Information we collect day-to-day could include contact details for members of community groups or networks in order to undertake work in the area of Community Resilience, or engagement with the voluntary sector.
Information collected during an incident or emergency may include:
- Name & address
- Date of birth
- Contact phone numbers
- Needs (such as medical, dietary/allergy, care, physical, social or language/communication needs) and other characteristics or information about your situation that will help us look after your welfare and protect your vital interests during and after an incident
- Name of GP Surgery, so that we can ensure any health input you need is provided and that it is provided in the most efficient way.
Information is particularly likely to need to be collected and processed if you need to use an emergency Rest or Reception Centre, or other form of emergency centre, because you require assistance of some kind in relation to the impact of the incident upon you. Information will be collected and processed in order to provide the best support to you.
We may also need to warn you or provide advice based on emergency situations that might present a risk to your welfare (particularly if we think that situation might be imminent e.g. risk of flooding over the next few days), in order to keep you safe from those risks. We may need to use personal information in order to do this, to carry out a task in the public interest and using our authority vested in us by the Civil Contingencies Act 2004, and to make sure we are providing the right advice to the right person.
Who else has access to the information?
The data that is collected is likely to be shared between responders and SRF partners for the purposes of carrying out activity in relation to legal duties under the Civil Contingencies Act and also during incidents, to protect the vital interests of individuals. If we feel another organisation may be able to help keep you safe or meet your needs during/ after an incident then we may share your details with them. The types of organisations we may share information with include health services, local government, other government agencies, charities, voluntary sector organisations and other support groups.
What happens if your information is shared between organisations?
You may have been signposted to this privacy notice because your information has been obtained an organisation by way of it being shared by another organisation, and not directly from you. The organisation that originally recorded your information may be able to let you know at the time that this occurs, but it might be up to a month afterwards.
How long will it be stored for?
This will depend on the incident and what response is required, but as long as agencies are involved in your welfare after the incident, your information may be made available to them. A decision will then be made regarding whether it is necessary to retain the information (and how much of the information to retain), for the purposes of, for example, inquiries into the incident. If information is not required to be retained, it will be securely destroyed at the point when you no longer need any help from agencies after the incident. This is unless you request your information to be erased prior to this point, which we may be able to do, depending on what information it is. Each agency has its own data management and retention policies and the data will be handled in accordance with these, by the agencies with whom the information has been shared.
What are my rights over the data?
You can request access to your data from the Data Controller at any time (and obtain a copy free of charge). There are likely to be decisions that we need to make as a resilience partnership, about how we seek to help those affected by the incident. This may involve your data. If you do not wish us to take any further decisions without your consent, you may have the right to request not to be subject to any automated decision making and we will do our best to meet your request insofar as possible.
You can request access to your data from us at any time (and obtain a copy free of charge). You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing, and in certain circumstances to request restrictions to what we do with the data or to take it elsewhere
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- Claim compensation for damages caused by a breach of the Data Protection regulations.
If you wish to exercise any of the above rights, or raise any queries in relation to the processing of your data, please contact the Data Protection Officer for the organisation that originally collected your information (see section entitled “further information” later in this document).
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. You can also contact the Information Commissioner's Office to complain by visiting their web site at www.ico.org.uk, telephoning 0303 123 1113 or writing to:
Information Commissioner's Office