Data Protection and Privacy Information

Universal Privacy Policy

The EU General Data Protection Regulation (GDPR) came into effect on May 25, 2018. This regulation sets a new standard for how organisations collect, use, and protect EU citizens’ personal information. 

County Durham and Darlington Fire and Rescue Service (CDDFRS) on behalf of County Durham and Darlington Fire Authority (CDDFRA) is a Registered Data Controller.  We are committed to protecting your personal data and privacy. We recognise that ensuring the accuracy and security of your personal data is essential to retaining your confidence and trust. The information you provide to us will only be used for the purposes that you provide it and will never be used for third party marketing.

CDDFRS does not solicit, does not require and you should not disclose to CDDFRS any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) via our website.

County Durham and Darlington Fire and Rescue Service - this Universal Privacy Policy explains how we collect, use and protect your personal details.

Why are we collecting your information?

When we collect and process information about you, we do so according to UK data protection law. This means we will be fair and transparent about the data we collect, and we will keep your information safe. We collect your personal information to allow us to carry out our various business functions. Our business-related privacy notices are listed below please click on the links for further information. 

How we collect the information about you.

Most of our information comes directly from you, a family member, employer or representative, other public bodies such as the Police or Ambulance Service, using computer systems, paper records, telephone calls and emails. This can include information you provide on an official form (online or paper) and also information that is recorded on CCTV cameras operating within CDDFRS sites and on firefighting vehicles.

What information is being collected?

Personal data being collected may include, but not be limited to:

  • Name
  • Address
  • Telephone Number
  • Age
  • Email address

Where we have a legitimate and lawful reason for collecting, storing, transmitting or processing sensitive data relating to you we will only do so where we have:

  • Explicit consent has been obtained from the data subject: OR
  • Processing is necessary in order to carry out obligations and exercise specific rights of the data controller for reasons related to employment, social security, and social protection: OR
  • Processing is necessary to protect the vital interests of data subjects where individuals are physically or legally incapable of giving consent: OR
  • Processing is necessary for the establishment, exercise, or defence of legal claims, for reasons of substantial public interest, or reasons of public interest in the area of public health: OR
  • For purposes of preventive or occupational medicine: OR
  • Processing is necessary for archiving purposes in the public interest, scientific, historical research, or statistical purposes: OR
  • Processing relates to personal data which are manifestly made public by the data subject: OR
  • Processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data is not disclosed outside that body without the consent of the data subjects.

Sensitive data may include:

  • Race
  • Ethnic origin
  • Politics
  • Religion
  • Trade Union Membership
  • Generic; biometrics (where used for ID purposes)
  • Health
  • Sexual orientation

How we will use the information about you?

How we use your information depends on which of our services you have used. We have to hold the details of people who have requested a ‘service’ from us in order to provide them with that service and for other closely related purposes. We will only use the information we hold about you for the purposes for which you provided it and only collect the minimum information necessary to fulfil that purpose.

Sharing your information

We have a responsibility to promote social wellbeing. To do this we work with community partners  and key agencies engaged in work related to community safety and wellbeing. Under these arrangements we have a duty to share or receive information where we think that action may need to be taken to safeguard the communities we serve. The agencies that we share with or obtain data from include:

  • Community organisations
  • Unitary authorities (Councils), including Social Care and Housing Associations
  • Police
  • Voluntary services
  • Health Service and their partners
  • Ambulance Service
  • Third parties such as contractors or sub-contractors who provide services on behalf of County Durham and Darlington Fire and Rescue Service.
  • Accreditation Bodies

However, in almost all cases where information is shared, we will have obtained your consent to share it. The exception where we may share without asking you is; if we have a legal duty or power to share information with other statutory bodies.

However, in almost all such cases, we will make you aware if your information is intended to be used in this way and provide the opportunity for you to say ‘No’.  The exception to this is when we are required by law to pass on information; this is explained below.  Further information on Data Sharing can be found on the  Data Protection Act 2018 website. (Opens in a new window)

Decisions will be made on a case by case basis.

Circumstances under which your consent is not required

We are required by law to provide information to other organisations whereby your consent is not necessary.  Examples of these organisations include:

  • Central government
  • Auditors
  • Suppliers employed to process our data
  • Other crime and disorder partners

Where possible, this information is made anonymous to protect your privacy.  The exceptions to this include:

  • Information provided to crime agencies relating to prevention and detection of crime
  • Information which is necessary to prevent serious risk to individuals
  • Our duty under the Children’s Act 2004
  • Provision of data to organisations that process data on our behalf; examples of this currently includes our payroll provider

Staff payroll and pension data, which is provided to external bodies responsible for auditing and administering public funds.  This is for preventing and detecting fraud.  You can obtain further details from our (Opens in a new window) and the Government’s National Fraud Initiative website   (Opens in a new window). 

Information provided to us

NHS Exeter Health Data

Following work by the National Fire Chiefs Council (previously Chief Fire Officers Association CFOA) with NHS England, all English Fire and Rescue Services (FRS) now have access to data that enables County Durham and Darlington Fire and Rescue Service to identify the over 65s and target vulnerable households in order to deliver vital Home Fire Safety Checks, which has had a dramatic effect in reducing deaths and injuries in fires.

Fair Processing Notice

NHS England, the Royal College of General Practitioners and Fire and Rescue Services (FRS) in England work together to ensure preventative resources are offered to those who may benefit most.  This is achieved by referrals and the sharing of information (where relevant, appropriate and necessary) to allow fire service personnel to undertake Home Fire Safety visits.

If you require more information about how NHS England use and share your information, please click on the following link in a new window)

Research has shown that those at high risk from fire death and injury are most likely to impact on a range of NHS services.  Home Fire Safety visits are developed between local health practitioners and FRSs to meet local health-risk priorities.  They therefore represent an intervention which can improve people’s quality of life while reducing demand on critical services.

The majority of fire deaths in the UK occur amongst the elderly population.  However, older people are most vulnerable to fire and a number of other risks.  A Home Fire Safety visit from the FRS is proven to make them safer and can reduce risk significantly across a range of factors.
In one area of the United Kingdom where this work has been piloted since 2007, there has been a very significant reduction in fire deaths and injuries which developed into a current trend well below the national average, proving that this work can save many lives.

The FRS and NHS will continue to work together in the future to ensure the visits undertaken by the FRS are effective in helping to make people ‘safe and well

How do we keep this information secure?

Information collected and held electronically is securely stored either on County Durham and Darlington Fire and Rescue’s infrastructure or hosted by a trusted cloud service provider with access given on a role requirement basis only. The Cloud service provider may be located outside of the EU e.g. United States.

The GDPR does not require personal information of EU citizens to be stored in the EU. The GDPR does require transfers of EU citizens’ personal information outside of the EU to comply with certain international data transfer standards. Where personal data is transferred between the European Union and to the United States, County Durham and Darlington Fire and Rescue Service (CDDFRS) will only use third party providers that comply with the EU-U.S. Privacy Shield Framework

We also take appropriate steps to ensure that we hold paper records in a secure way and will only make them available to those who have the right to see them

We have Information Security Procedures which all personnel adhere too; all personnel also receive data protection training.

We also have the necessary controls in place with external organisations that process data on our behalf or provide IT expertise surrounding our systems, to ensure that the organisation complies with the data protection legislation.

Your Rights

The Data Protection Act (DPA) 2018, in conjunction with the European Union (EU) General Data Protection Regulation (GDPR) 2016, gives you a number of rights relating to your data. These rights include being able to request a copy of the information we hold about you.

Requesting Access to your personal information

Individuals can find out if we hold any personal information by making a Subject Access Request (SAR).

If we do hold information about you, we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible format

To make a subject access request please email or write to us using the details contained in the ‘How to contact us’ section at the bottom of this document. You may ask us to correct or remove information you think is inaccurate.

What happens if I do not want my information collected?

Where possible we will seek to comply with your request, but we may need to hold or process information in connection with one or more of the Service’s functions. You would be informed of the outcome to your request and the rationale behind the decision within one month of receipt of your request.

Requesting correction of inaccurate information

You should let us know if you disagree with something written on your record.  We may not always be able to change or remove the information.  However, we will correct factual inaccuracies and may include your comments in the record.

If you want to request corrections go to the ‘How to contact us’ section of this guidance for correspondence details.

You can find out more about your personal data rights at the Information Commissioner’s Office (ICO) website.  (Opens in a new window).

Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We will not make decisions about you that will have a significant impact on you based solely on automated decision-making. If we use automated decision making it will be because it is necessary to perform the contract with you and we will have taken appropriate measures to safeguard your rights.

How long do we keep your data for?

We will retain your information for as long as is required to meet the purpose of collection or as long as the law requires.  Exact information relating to retention periods can be found on our specific privacy notices.

You have a right to request that County Durham and Darlington Fire and Rescue Service stop processing your personal data.  Where possible we will seek to comply with your request, but we may need to hold or process information in connection with one or more of the Service’s functions. You would be informed of the outcome to your request and the rationale behind the decision within one month of receipt of the SAR.

Visitors to our website

When you submit information to us via our website, such as participating in an online survey or submitting a Freedom of Information request, we may receive personal information about you.  This can consist of information such as your name, email address, postal address, telephone or mobile number, depending on the activity.  By submitting your details, you enable County Durham and Darlington Fire and Rescue Service to provide you with the services, activities or online content which you required.


County Durham and Darlington Fire and Rescue Service (CDDFRS) may use ‘cookie’ technology to track or record information about our website visitors.  CDDFRS require the use of ‘cookie’ technology so that we can guarantee we present the correct information to users as they move from screen to screen.  These cookies are ‘session-specific’ and are not used to record personal information or to associate personal information with the use of the CDDFRS.  CDDFRS users who disable their web browsers’ ability to accept cookies will be able to browse our website but may not be able to successfully use all of our services. (Opens in a new window)

Third-Party Sites

The site contains links to other websites.  County Durham and Darlington Fire and Rescue Service is not responsible for the privacy practices or the content of these websites.  Visitors will need to check the privacy policies/ statements of others’ websites to understand their policies.  Visitors who access a linked site may be disclosing their private information.  It is the responsibility of the visitor to keep such information private and confidential.

Changes to Privacy Statement

From time to time, we may use visitor information for new, unanticipated uses not previously disclosed in our privacy notice.  County Durham and Darlington Fire and Rescue Service will update this policy from time to time.  A ‘last revised’ date will always be included on the bottom of the statement.  To keep up-to-date with CDDFRS privacy policy, please check this page periodically. This Privacy Policy was last updated in February 2019.

Contact details for our Data Protection Officer (DPO)

The Data Protection Officer provides direction, support and advice to the Service/Authority, Principal Officers, Heads of Service and all departments across the Service/Authority in relation to their data protection obligations.

Data Protection Officer

For more information contact the Data Protection Officer on the following email address

How to contact us

If you wish to contact us regarding personal information, we may hold about you
Please contact us by:
Telephone: 0345 305 8383

Or in writing to:

The Data Protection Officer
County Durham and Darlington Fire and Rescue Service
Service HQ
Belmont Business Park