Fire engine

Data sharing and protection

Data Sharing and Protection

South Yorkshire Fire & Rescue (SYFR) is committed to protecting your personal data and privacy. Any personal information you give to us will be processed in accordance with the UK Data Protection legislation and the General Data Protection Regulation (GDPR).

How we use your information

The information you provide to us will only be used for the purposes that you provide it and will never be used for third party marketing. Examples of how we may use your information include:

  • Enabling the Service to compile statistics, or to assist other organisations to do so, provided that no statistical information that would identify you as an individual will be published;
  • Offering relevant safety services such as: fire safety courses, risk assessments for businesses, and Home Safety Checks (HSCs) for householders;
  • To undertake projects with our partner agencies including local government bodies and universities. In all cases, strict Information Sharing Agreements (ISAs) will be in place;

The information will be kept securely, and will be kept no longer than necessary. We will only collect the minimum information necessary to fulfil that purpose.

When we collect your personal data we will advise you:

  • What your information will be used for;
  • Who it may be shared with;
  • Where your consent is required to collect personal data.

Types of Data:

There are essentially four types of data SYFR would use during data sharing. These are:

  • Personal Data

Data protection legislation and GDPR apply only to personal data about a living, identifiable individual. However the definition of personal data is highly complex and for day to day purposes it is best to assume that all information about a living, identifiable individual is personal data.

Such personal data might include, but not be limited to:

  • Name;
  • Address;
  • Telephone Number;
  • Age;
  • A unique reference number if that number can be linked to other information which identifies the data subject, such as a National Insurance Number or Payroll Number.

The law imposes obligations and restrictions on the way that SYFR and its partners process personal data. Data protection legislation and GDPR regard ‘processing’ of data to include collecting, storing, amending and disclosing data. The individual who is the subject of the data (the “data subject”) has the right to know who holds their data and how such data will be processed, including how such data is to be, or has been shared.

Special Category Data

In the GDPR certain types of data are referred to as “special category data”, for example:

    • Ethnic origin;
    • Political opinions;
    • Religious beliefs;
    • Trade union membership;
    • Genetics;
    • Biometrics;
    • Health;
    • Sexual orientation.

The law says that for Public Authorities to use your special category data they should seek, where possible, your explicit consent regarding what the information will be used for and with whom it will be shared. Generally this is achieved by seeking your consent when you make application for a service from SYFR.

Personal data relating to criminal convictions and offences

This would include information relating to the commission or alleged commission of any offence, or any proceedings for any offence committed, or alleged to have been committed, the disposal of such proceedings, or the sentence of any court in such proceedings.

Anonymised and Aggregated Data

The use of anonymised and aggregated data can be treated in very similar ways. Anonymised data are individual data records from which the personally identifiable fields have been removed.

Aggregated data is data which has been processed to produce a generalised result, and from which individuals cannot be identified. However caution needs to be taken when such aggregations could lead to an individual being identified e.g. groupings with small distribution leading to isolation of individual characteristics.

On the basis that anonymised and aggregated data does not identify individuals, the processing of such data is not regulated by data protection legislation and the GDPR. In 2012 a new code of practice was published on anonymising data, designed to reduce the likelihood and risk of individuals being identified through re-identification. A summary of the code can be found on the Information Commissioner’s Office (ICO) website, https://ico.org.uk/.

This content was last updated on May 10th, 2018