Privacy policy

This notice explains how we use and share your information. We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law

Why do we collect information about you?

This notice provides you with an overview of how Personal Data about you and others is collected, used, shared, stored, and disposed of in the provision of the Fire and Rescue Service that endeavours to make our communities safer.

When we collect and use your personal information, we do so in accordance with data protection laws. This means we will be fair and transparent about the data we collect, and we will keep your information safe. Our main reasons for processing your data are:

  • Emergency Response – respond to fires, Road Traffic Collisions (RTCs) and attend other emergencies
  • Fire Safety and Protection – promoting fire safety to protect buildings and the people in them, particularly those who are vulnerable to harm, and enforce fire safety law
  • Youth Activities – working with young people
  • Administration – maintaining accounts and business records, managing contracts and services, running events and activities, investigating complaints and concerns
  • Monitoring our performance
  • Employment – recruit, employ, manage, train, promote and retire our staff
  • Research – carrying out research and surveys to gain feedback
  • Security – using CCTV systems to keep our people and resources safe, and to prevent and detect crime
  • Media – take photographs, video, or use other audio-visual media
  • Communications – maintaining our website, providing newsletters and information about our services
  • Legal – complying with the law

We continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law.

The legal bits

Types of Information we use

There are a wide variety of types of personal data that we use, below we have highlighted some examples for each category.

Personal details

Titles, names, previous names, nicknames, aliases, address, postcode, telephone numbers, email addresses, social media usernames, personal websites addresses, signature, emergency contacts, family history, marital status, dependants, next of kin, language skills.

Personal features

Age, date of birth, gender, height, weight, body measurements, eye/hair/skin colour, identifying marks, images – photo/video/audio.

ID Numbers

National insurance number, passport number, driving licence number, social security number, national health number. [Note: this category may include facsimile copies of original documents containing the identifier]

Work details

Pay number, job titles, work addresses, employers name, work contact numbers, work email address, call sign, work social media usernames, grade, role, rank, start date, end date, work history, computer and communications monitoring information, vehicle number plate, pager number, leave and absence, proof of right to work, building access records.

Financial details

Salary, payroll records, bank details, pension, tax, allowances, state benefits, property ownership, compensation payments.


Qualification, establishment, establishment address.

Narrative data

Biography, CV, situational description, occupational experiences, behavioural characteristics, professional membership, personal references, performance evaluations, discipline, or grievances.

Special category data

Racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Criminal offence data

Information relating to criminal offences (alleged or proven) or personal data held with the intention of bringing about a criminal prosecution.

Our Legal Basis for Processing

Our legal basis for processing your personal data will depend on the specific activity we are undertaking. Normally we process personal data for the reasons set out below. As we are a Fire and Rescue Service, we have legal duties and/or powers that allow us to process personal data for us to perform our function. As such we normally process your data based on our Public Task. It will often be the case that you will be voluntarily providing us with your information, but the processing of that information will be done because it is required for us to perform our function rather than because you have agreed. However, there are some circumstances where we will rely on your consent to allow us to use your data. Where this is the case, and you do not provide the data we may not be able to provide you with our services.

Our main processing reasons are:

Public task – the information is necessary for us to carry out a task in the public interest or in the exercise of our functions as a fire and rescue authority. Examples of our core functions are described below:

  • As a fire and rescue authority, we have many duties and powers that give us legal powers to undertake those functions. Our core functions, as described in the Fire and Rescue Services Act 2004, require us to give fire safety advice and prevent fires from happening, enable us to respond to fires and to protect life and property, and to enable us to respond to road traffic collisions and other emergencies. We also have a power to respond to other eventualities where there is a situation that may cause or is likely to cause someone to die, be injured or become ill, or that may harm to the environment.
  • The Authority also has the powers to enforce and regulate fire safety law, such as the Regulatory Reform (Fire Safety) Order 2005.

Contractual – we need the information for the performance of a contract we have with you or that you are preparing to enter with us.

Legal obligation – it is necessary to use the information to fulfil a legal obligation that we must comply with.

Vital interests – we are gathering information as part of an operational incident where there is a risk to someone’s life.

Special categories of personal data

Data protection law recognises that there are some types of personal data that are particularly sensitive and should not be used unless necessary. This special category of data includes data revealing; racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data to uniquely identify someone, data concerning health or data concerning a person’s sex life or sexual orientation.

When it is necessary for us to process any of these special category data types, it will usually be because.

  • It is necessary for a task within our statutory functions and of substantial public interest
  • It is necessary to protect your vital interests or those of another person where the data subject is physically or legally incapable of giving consent
  • It relates to a legal claim or legal process
  • We need to identify and keep under review the equality of opportunity and treatment of different groups of people
  • We are processing criminal offence data in relation to employment, public interest or to fulfil our statutory functions or a legal obligation.
How long will we keep your information?

We have a retention schedule which records how long we keep your information. We only retain your information for the minimum amount of time that it is necessary.

Who do we share your personal information with?

To ensure that we support the needs of members of our communities it is sometimes necessary for us to share some or all your information with other organisations. We only do this when necessary, or is required by law, for a clear and legitimate purpose.

Generally, we share information to:

  • Organisations who are providing services and care during emergencies
  • Organisations that can provide you with advice or assistance to prevent you being injured, ill or to prevent harm from the environment
  • prevent or detect crime, including the prevention of fraud
  • conduct or defend a legal proceeding

The categories of organisations who we might share personal data with are shown below:

  • Emergency services
  • Local authorities
  • Health providers
  • Government agencies
  • Legal services
  • Regulators
  • Employers and businesses
  • Appropriate adults
  • Contractors and suppliers (“Data processors”)
How do we keep your information safe?

Keeping your information safe is important to us. As part of this we provide training to all our staff in data protection and ensure that everyone understands its importance. We also have a wide range of technical and organisational measures in place to prevent unauthorised access and use of your data.

Your Rights

The Data Protection Act 2018 and the UK GDPR gives you various rights regarding data about yourself. These rights include:

The Right of Access

You have the right to ask if and/or why HIWFRS are using your personal information, and/or for a copy of this information. You are only able to get information about yourself.

The Right of Rectification

You have the right to request any inaccurate information about you be corrected and/or updated. To update your information HIWFRS will need the new information and proof of that change e.g., changing your maiden name to your marital name would need to see a marriage certificate.

If the correction you request cannot be verified HIWFRS will not action the change.

The Right to Erasure

This is not an absolute right, and we may need to continue to use your information. We will let you know if this is the case.

The Right to Restrict Processing or Object to Processing

You have the right to request that your information is not used in certain ways. However, this is not an absolute right, and we may need to continue using your information. We will let you know if this is the case.

The Right to Data Portability

You have a right to request your information in a specific format so that it can be easily processed by another organisation. To do this HIWFRS will need to know what information you want to transfer, to whom HIWFRS are transferring it (with appropriate contact details) and in what format.

If HIWFRS are unable to provide the information in the format you request HIWFRS will write to inform you and ask for your alternative preferences.

Rights related to Automated Decision-Making including profiling

Automated decision making occurs where an electronic system uses personal information to make a decision without human intervention. HIWFRS does not make any decisions that will have a significant effect on you without human involvement, including profiling.

The Right to Withdraw Consent

You have the right, when the processing of your information is based on Consent, to withdraw it.

The Right to be Informed

You have a right to be told when and why HIWFRS processes and/or collects your information.


We normally provide you with your data free of cost. However, where a request is excessive or manifestly unfounded, HIWFRS reserves the right to charge a fee. If a fee is necessary, HIWFRS will inform you of the fee and how to pay it; this fee will be based on the reasonable administrative costs of complying with your request. Where HIWFRS have requested a fee be paid your request will not be processed until funds are received.

Need a privacy notice in a different format?

Upon request, we will be able to provide you with a copy of this privacy notice in a hard copy format. Please see our Contact us page.

Contact Details

Hampshire & Isle of Wight Fire and Rescue Authority is the authority which provides a Fire and Rescue Service for Hampshire and the Isle of Wight.

Hampshire & Isle of Wight Fire and Rescue Authority is the Data Controller for information relating to the information used as part of its functions and is registered with the Information Commissioners Office (ICO).

Hampshire & Isle of Wight Fire and Rescue Service
Hampshire Fire & Police Headquarters
Leigh Rd
SO50 9SJ

Tel: 023 8064 4000

You can also contact us via our Get in Touch Form.

Data Protection Officer Contact Details

Our Data Protection Officer is the Information Compliance Manager and has day-to-day responsibility for providing advice on data protection to HIWFRS. To contact the Data Protection Officer, or to use your rights, including to make a subject access request, you can contact us via our Get in Touch form, please select I want to “Make a Data Protection Request”, or by calling the number above and asking for the Information Compliance Team. You can also write to us at the above address stating it is for the Information Compliance Team or email us at

How to raise a concern

If you have any concerns about our use of your personal information, you can make a complaint to our Data Protection Officer by contacting them as mentioned above in the first instance.

You can also complain to the ICO if you are unhappy with how we have used your data and dealt with your concern.

Our registration number with the ICO is Z5078456.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

ICO website:

Last updated March 2021

Sign up to receive our latest information to your email