Privacy Statement

Last updated: May 2018

Buckinghamshire & Milton Keynes Fire Authority (the Authority) as a Data Controller determines the purposes for collecting and using your data in order to carry out our public duties. The Authority is committed to protecting your personal information and this privacy notice explains how we use and share your information and how we protect your privacy. 

Personal data refers to any information with which a living individual can be identified. 

Why we collect your personal information

To deliver our services effectively, we may need to collect and process personal data about you. We collect data using:

  • Online forms.
  • Telephone calls.
  • Personal contact, including visits.
  • Letters and paper forms.
  • Emails.

We collect and use different kinds of information for taking 999 calls and responding to an emergency:

  • Incident details, including location.
  • What services have been provided.
  • Recording of 999 calls.
  • Type of household, for example, single occupant, children.
  • Information about buildings which might affect how we respond to an emergency, for example, stored flammable goods.

For advising on fire risks at home:

  • Personal details – for example, name, age, address.
  • Contact information.
  • Physical or mental health details.
  • Lifestyle and social circumstances relating to fire risk or other high risks.
  • Opinions and decisions on fire safety.
  • What services have been provided.

To identify community fire risks:

  • Locations of fire related incidents.
  • Addresses of fire related risks, for example, occupiers over 65, use of home oxygen, threats of arson.

For business fire safety advice and enforcement action:

  • Contact information.
  • Licences, certificates held.
  • Opinions and decisions on fire safety.

To check our services meet legal duties, including for diversity and equality of opportunity:

  • Age group.
  • Gender identity.
  • Disability.
  • Racial or ethnic origin.
  • Religious or other beliefs.

Where might we collect your personal data from?

  • You.
  • Your family members, employer or representative.
  • Other public bodies such as the police, ambulance service, local councils and the NHS.
  • Charities and support services who you have given permission to share your information for fire safety reasons.
  • Other organisations such as companies who you have given permission to share your information for security or key holding purposes.

Legal basis for using your personal data

We have the right to process your personal data if at least one of the following applies:

  • Processing is necessary for carrying out legitimate public duties of a Fire and Rescue Service as defined in the Fire and Rescue Services Act 2004.
  • Explicit consent for activities that help us in carrying out our public power of improving general community safety.
  • Processing is necessary for collaborating with public organisations such as the police and ambulance service in undertaking public safety functions.
  • For recruitment, employment, social security purposes or a collective agreement.
  • Processing is carried out by a non-profit body with a political, philosophical, religious or trade union aim provided: 
  • To protect someone from danger either from themselves or others. This could be danger to you, people around you, our employees or employees in other services such as the police or ambulance service.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use before starting the processing and setting out the relevant purposes and processing conditions. Whenever necessary, we will seek your prior consent to the new processing.

Who will we share your personal information with?

Sometimes, it is in line with our legal duties and in the interest of public safety to share information with other organisations such as the police, the NHS or social services. 

For example, NHS England, the Royal College of General Practitioners and Fire and Rescue Services in England work together to share information to allow fire service employees to offer Home Safety Checks for people who have a higher risk of experiencing a house fire. This is by sharing data that lets Fire and Rescue Services identify home address of people over 65 so we can offer home fire safety checks to households identified with a possible higher fire risk. (For more information about how NHS England use and share your information see:

We may also share personal information about you with others. These organisations include, but are not limited to:

  • The Home Office, regarding for example, incidents and prevention work (for more information:

  • Other blue light emergency services, for example police and ambulance so we can respond to incidents.

  • Public utilities, for example to cut off a gas supply in an emergency.
  • Local councils, if we have serious concerns about your wider safety that a local council can help with.
  • Welfare organisations, if you agree to your information being shared.
  • Central government, for example anonymised information about our activities used for national fire statistics.

  • Courts and law enforcement, prosecuting authorities, solicitors.

  • Insurance companies and loss adjusters where they are authorised to act on your behalf following an incident at your property.

  • When appropriate, your personal data will also be provided to companies who carry out services or functions on behalf of the Authority. These are known as “data processors” as they act only under direct instruction from the Authority and there is always a contract to ensure that our legal and organisational requirements on handling personal data are met.

National Fraud Initiative (NFI) - Fair Processing Statement

The Authority is required to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds, or where undertaking a public function, in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

We participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data (payroll, pensions and creditor data) to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. View further information on the Cabinet Office’s legal powers. 

NHS Data – Fair Processing Statement 

NHS England, the Royal College General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most. This is achieved by referrals and the sharing of information (where relevant, proportionate and necessary) to allow fire service personnel to undertake Safe and Well visits and Home Fire Safety Checks. If you require more information about how NHS England use and share your information, please click here. 

Research has shown that those at high risk from fire death and injury are those who are most likely to impact on a range of NHS services. Safe and Well visits and Home Fire Safety Checks are developed between local health practitioners and FRSs to meet local health-risk priorities. They therefore represent an intervention which can improve people's quality of life while reducing demand on critical services. 

The majority of fire deaths in the UK occur amongst the elderly population. However, older people are most vulnerable to fire and a number of other risks. A Safe and Well visit / Home Fire Safety Check from the FRS is proven to make them safer and can reduce risk significantly across a range of factors. 

In one area of the United Kingdom where this work has been piloted since 2007, there has been a very significant reduction in fire deaths and injuries which has developed into a current trend well below the national average. So we know this work can save many lives. 

The FRS and NHS will continue to work together in the future to ensure the visits undertaken by the FRS are effective in helping to make making people safe and well.

How we protect your information

We have physical, electronic and organisation procedures to protect and safely use the information that we hold about you. 

Our aim is not to be intrusive, and we won’t ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can’t be seen, accessed or disclosed to anyone who shouldn’t see it. 

We use anonymised data wherever we can, so individuals can’t be identified.

We have an Information Governance Framework that includes a Data Protection and Information Security procedures. These define our commitments and responsibilities to your privacy and cover a range of information and technology security measures. 

We provide training to staff that handle personal information and take appropriate measures if they misuse or do not look after your personal information properly. 

How long we keep your information

We will not keep your information longer than it is needed or where the law states how long this should be kept and we will dispose of paper records or delete any electronic personal information securely. For details of how long we retain records for each service, please contact the Data Protection Officer (DPO).  

Your rights 

Subject to any legal exemptions, you have the following rights with respect to your personal data:

  • Access – you have the right to know what data we hold relating to you and why and to receive a copy of it;  

  • Rectification – you have the right to have inaccurate information about you corrected (where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction is placed on further processing);

  • Objection – you have the right to object to the Authority using your information, and we would have to stop unless we have a sound overriding reason to continue; 

  • Erasure, restriction and portability – in specific circumstances, you have the right to have your personal data deleted, to put limits on what the Authority may do with it or to receive a copy in machine-readable form to take to another organisation; 

  • Complaints - The right to lodge a complaint with the Information Commissioners Office.

  • There are also specific legal rights relating to automated decision making but the Authority does not use any such processes to support the delivery of its public services. For more information on your rights under the GDPR see

While we will endeavour to give you access to everything we have recorded about you we will not share any parts of your details which contain:

  • Confidential information about other people or
  • If it is in the interest of public safety and security to withhold that information from you.

How can you exercise your rights? 

You can contact our DPO if you wish to exercise any of your rights as described, have a query on how personal data is handled within our organisation or just want further information and advice. 

If you want a copy of, or a description of, the personal data we hold that relates to you, please ask in writing, by letter or email. Please be as specific as possible about the information you want.

We will reply with your information within one month of receipt, or from the day on which we have the necessary information to confirm your identity. There are some lawful restrictions on information we send you, for example, other people’s personal information.

Contact details

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.

If you have any questions about this privacy notice, including any requests to exercise all relevant rights, queries of complaints please contact the DPO on 01296 744442 or by email at

If you’re not happy with how we deal with your personal information complaint you can complain to the Information Commissioner’s Office (ICO). The ICO is an independent body set up to uphold information rights in the UK. They can also provide advice and guidance and can be contacted through their website: or their helpline: 0303 123 1113, or in writing to:Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. 

Keeping this privacy notice up to date

We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, in order to improve our transparency and comply with legislation.

When such changes occur, we will revise the ‘last updated’ date at the top of this notice.


This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the Authority’s collection and use of personal information. If you have any questions about this privacy statement or concerns about the way we process your personal data, please contact the DPO using the number or email address above.

Business & Community Safety Privacy Statement

Employee and Potential Employee Privacy Statement