Privacy policy

Scottish Fire and Rescue Service (SFRS) is committed to protecting your personal information. This privacy notice explains how we use your information and how we protect your privacy. The processing of personal data is covered by the General Data Protection Regulation and Data Protection Act 2018.

We are a Data Controller for personal data. Our details are registered with the Information Commissioner’s Office (ICO) and our register number is Z3555625. The ICO’s register can be viewed online at ico.org.uk.

We use personal information about members of the public, businesses, and organisations to provide fire prevention, fire protection and emergency services to the communities that we serve. We also collect and use personal information of our own staff.

• Firefighting, responding to road traffic accidents and other emergency
  situations
• Carrying out home safety visits
• Fire investigations at homes, business and public areas
• Fire prevention awareness, advice and assistance
• Business fire safety advice and inspections
• Regulatory, licensing and enforcement actions for business fire safety
• Improving community safety
• Reducing arson
• Checking the quality and effectiveness of our services
• Maintaining our own records and accounts
• To check our services, meet legal duties, including for diversity and equality
  of opportunity
• Where you have agreed for asking your opinions about our services;
• Supporting and managing our staff
• CCTV on our buildings and vehicles for the prevention and detection of
  crime
• Investigating complaints about our services
• Recruitment and Selection (including psychometric testing)
• Recognition and awards

All the reasons we use your personal data meet at least one of the following legal reasons:

• To carry out our public duties of a Fire and Rescue Service from the Fire
  (Scotland) Act 2005
• To work with other public organisations such as the police, ambulance
  service and local councils for public safety
• For the investigation, detection, and prevention of crime or if we are required
  to do so by law
• To protect someone from danger from themselves or others. This could be
  danger to you, people around you, our staff, or staff in other services like the
  Police or Ambulance Service
• Explicit consent for activities that help us in carrying out our public power of
  improving general community safety
• For staff recruitment, employment, or social security reasons

To deliver our services effectively, we may need to collect and process personal data
about you. Personal data refers to any information about a living individual who can
be identified. We will never use your data for third party marketing.

We collect data using:

• Online forms
• Telephone calls
• Personal contact including visits
• Letters and paper forms
• Emails
• CCTV footage

We collect and use different kinds of information, including:

For taking 999 calls and responding to an emergency:

• Incident details, including location
• What services have been provided
• Recording of 999 calls
• Type of household, e.g. single occupant, children
• Information about buildings which might affect how we respond to an
  emergency, for example, stored flammable goods

For advising on fire risks at home:

• Personal details, for example, name, age, address
• Contact information
• Physical or mental health details
• Lifestyle and social circumstances relating to fire risk or other high risks
• Opinions and decisions on fire safety
• What services have been provided

To identify community fire risks:

• Locations of fire related incidents
• Addresses of fire related risks, e.g. high-risk occupiers, use of home oxygen, threats of arson

For business fire safety advice and enforcement action:

• Contact information
• Licenses, certificates held
• Opinions and decisions on fire safety

To check our services meet legal duties, including for diversity and equality of
opportunity:

• Age group
• Gender identity
• Disability
• Racial or ethnic origin
• Religious or other beliefs

We are committed to keeping your personal data safe. We have physical, electronic and organisation procedures to protect and safely use the information that we hold about you. These include:

• Secure work areas
• Information security training for our staff
• Access controls on information systems
• Encryption of personal data
• Testing and checking security controls
• Checking privacy when we change how we use or store personal information
• Written contracts with any companies we use for storing information

Where we use more sensitive data, like health information, we protect this information with extra controls.

We use anonymised data wherever we can so individuals cannot be identified.

• You
• Your family members, employer or representative
• Your landlord
• Other public bodies, such as the police, ambulance service, local councils and the NHS
• Charities and support services who you have given permission to share your information for fire safety reasons
• Other organisations such as companies who you have given permission to share your information for security or key holding purposes

Sometimes, we share personal information about you with others. These organisations include but are not limited to:

• Other blue light emergency services, for example, police and ambulance, so we can respond to incidents
• Public utilities, for example, to cut off a gas supply in an emergency
• Local councils if we have serious concerns about your wider safety that a local council can help with
• Welfare organisations if you agree to your information being shared
• Government, for example, anonymised information about our activities used for national fire statistics
• Courts and law enforcement, prosecuting authorities, solicitors
• Insurance companies and loss adjusters where they are authorised to act on your behalf following an incident at your property

Information will only be shared when it is strictly necessary to help us meet a legal duty, you agree, or it is fair to share under another data protection reason. You may have the right to refuse.

We may use commercial companies to store and manage your information on our behalf. Where we do this, there is always a contract to ensure that the requirements of the GDPR on handling personal data are met.

We only keep your information for as long as we need it. This is to meet our legal responsibilities and best practice reasons. For example, we keep finance information for seven years, we keep unsuccessful recruitment information for six months and we keep 999 call recordings for three years unless we need them longer for criminal investigations. This information is all recorded on our SFRS Records Retention Schedule. Further information on retention is available by contacting SFRS.GDPR@firescotland.gov.uk.

In general, you have the right to request that SFRS:

• Provide a copy of your personal information
• Correct any errors in your personal information and restrict processing until completed
• Object to the processing depending on the service and legal basis
• Erase personal information depending on the service and legal basis
• Withdraw consent and have your data deleted if consent is the legal basis for the service
• To be informed of automated decision-making including profiling for the service

Where possible, we will try to meet your request, but we may need to hold, retain, or process information to comply with a legal duty.

If you want a copy of or a description of the personal data, we hold that relates to you, please ask in writing, by letter or email. You can use our Subject Access Request form.  Please be as specific as possible about the information you want.

We will reply with your information within one month of receipt or from the day on which we have the necessary information to confirm your identity.  There are some lawful restrictions on information we send you, for example, other people’s personal information.

You may be entitled to correction, restriction, objection, and erasure of your personal information depending on the service and legal basis.

Please send your request:

If you want to complain about your personal information rights, please contact the Information Governance Manager:

If you are not happy with how we deal with your personal information complaint, you can complain to the Information Commissioner’s Office (ICO).  The ICO is an independent body set up to uphold information rights in the UK.  They can also provide advice and guidance and can be contacted through their website: ico.org.uk or their helpline on 0303 123 1113 or in writing to:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

The SFRS website does not automatically capture or store personal information, other than logging the user's IP address and session information, such as the duration of the visit and the type of browser used. This is recognised by the web server and is only used for system administration and to provide statistics which the SFRS uses to evaluate use of the site.

This privacy statement covers the SFRS at firescotland.gov.uk only. Links within this site to other websites are not covered by this policy.

More details about cookies on this website can be found on our cookies policy page. 

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users as well as to comply with changes in the law. When such changes occur, we will revise the ‘last updated’ date at the top of this notice.