An individual’s rights regarding their personal information

It's possible we'll take more than one calendar month ​to supply information for Personal Information Requests. The Information Commissioner recognises that longer time may be needed as we have to prioritise other work to keep services running during the COVID-19 situation. Thank you for your patience.

Under the legislation, an individual has the right:

• to be informed that processing of their personal data is being undertaken and the reason for this (which is normally in the form of a ‘Privacy Notice’);
• to access their personal information that falls within the scope of the legislation within the statutory one calendar month, which is called a Subject Access Request - SAR (see below);
• the rectification of their personal information if what we hold is inaccurate or incomplete;
• to data erasure (in certain circumstances) if there is no valid or lawful reason for us to retain the information;
• to restrict or suppress processing (in certain circumstances) which can limit the way in which we use their information;
• to data portability for the individual to obtain and re-use their information for their own purposes;
• to object to processing, such as for direct marketing;
• to be informed when their personal information is subject to automated decision making and profiling; and
• to exercise their rights through the Information Commissioner Office (ICO)

Please visit the ICO website for further guidance on individual rights https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Subject Access Requests (SARs)

An individual has the right to access (or can request a copy of) personal information that AF&RS hold about them, which is commonly known as a ‘Subject Access Request (SAR)’. Providing it is a reasonable request, AF&RS are obliged to comply.  Viewing information that is held about the individual will provide them with the opportunity to ensure that any personal information that AF&RS may hold is correct.

Subject Access Requests within AF&RS are coordinated and processed by the Data Protection team and are dealt with on a ‘case by case’ basis.  AF&RS do not charge for processing SARs, however, the legislation allows some discretion when dealing with requests for manifestly unfounded or excessive requests, in particular if they are repetitive. Under the new legislation, AF&RS can charge a reasonable fee, taking into account the administrative costs of providing the information; or refuse to respond.  If the latter is the case, we will explain the reasons and assist the individual to re-submit their request in a more manageable form.

What to do if you wish to submit a SAR or submit a request concerning any of the other information rights

• Please submit your request by email to This email address is being protected from spambots. You need JavaScript enabled to view it. 
  or in writing to the Data Protection Officer, Avon Fire & Rescue Service, Police & Fire Headquarters, PO Box 37, Valley Road, Portishead, Bristol, BS20 8JJ
  
• Explain which information right your request is relating to
• Provide contact details and method of communication
• Provide a form of ID to confirm your identity (such as a copy of a Driving Licence or Passport)
• If another organisation or individual is acting on your behalf, include a signed letter of authorisation as well as a copy of ID to verify signature and your identity
• Advise if there is any period within the one calendar month when you are not available in case we need to get in touch with you
• Be specific with what information you are asking us to action, which will assist us to conduct the required searches, such as:
  • Information which will help us to identify your record, such as names, addresses, brigade number, and other reference numbers
  • Reason why we may hold your personal data, such as current/former member of staff, if you were involved in an incident that we attended or we provided you with Home Fire Safety Visit etc.
  • date ranges that may apply
  • details relating to specific information/subject/event if required
  • types of documents or other forms/methods where we may hold your information

As part of the request process AF&RS will:

• acknowledge your request in writing;
• treat information in confidence;
• explain how we are going to conduct the search for information requested;
• provide search criteria or seek further clarification from you if the request is unclear;
• advise on the timelines for providing the information/action to your request;
• keep you informed of any issues , such as if we are waiting for information from another source;
• advise you if any redactions and exemptions that may impact on your request (such as redacting 3^rd party personal data to protect it from release);
• if we are unable to comply with your request, we will explain our reasons why in writing or assist you to re-submit the request if appropriate;
• for Subject Access Requests, make suitable arrangements for providing you with the information and in what format;
• advise you of the appeals process should you not be satisfied and how you can make a complaint; and
• retain request correspondence and any associated paperwork for 3 years from the date of the last correspondence.  Once that retention period has been reached, your request and any information generated from that request will be securely disposed of (please note that in some circumstances, information that is generated by other departments may need to be retained for longer for legal or legitimate reasons as per our Service’s Retention Schedule).  We do retain a log of the request for our records.

CCTV Requests:

Information about how to make requests for footage and images captured by our CCTV systems is on our CCTV page.

All CCTV requests are dealt with on a case by case basis. 

If you are a private individual/member of the public, please note we will only consider release of data to an official/legal representative acting on your behalf (solicitor, doctor, insurer, etc.). 

This is because they have policies and procedures for the secure handling of personal data, and we need to protect the integrity and security of any data we choose to share with a third party in accordance with the Information Commissioner (ICO) and Home Office codes of practice.

They will be able to state proof of entitlement to the data to give us a legal reason to provide it, and should include a letter of authority to confirm they are acting on your behalf and proof of your identification.