PRIVACY NOTICE
Last updated 11/03/2022
We are West Midlands Fire Service (“company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regards to your personal information, please contact us at datamanager@wmfs.net.
When you visit our website www.wmfs.net and use our services, you trust us with your personal information. We take your privacy seriously. In this privacy notice, we describe our privacy policy. We hope to explain to you, in the clearest way possible, what information we collect, how we use it and what rights you have in relation to it. Please take some time to read through it carefully, it’s important. If there are any terms in this privacy policy that you do not agree with, please do not use our products, Sites and Services.
This privacy policy applies to all information collected through our website (such as www.wmfs.net), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Sites”).
Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.
Further and more detailed information regarding the use of your data by us as a service can be found on our organisational privacy policy.
1. What information do we collect?
In summary: We collect personal information that you provide to us such as name, address, contact information, passwords and security data, and payment information.
We collect personal information that you voluntarily provide to us when expressing an interest in obtaining information about us or our products and services when participating in activities on the Sites or otherwise contacting us.
The personal information that we collect depends on the context of your interactions with us and the Sites, the choices you make and the products and features you use. The personal information we collect can include the following:
Name and Contact Data. We collect your first and last name, email address, postal address, telephone number, and other similar contact data. This may also include details about a business, if that information is submitted in connection with a service or activity we undertake.
Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
Payment Data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (a credit/debit card number), and the security code or expiry information associated with your payment instrument. Our payment processor stores all payment data and you should review its privacy policies and contact the payment processor directly to respond to your questions. More detail on this can be found under section 10 ‘Purchases On Our Site – E-commerce’ in our website terms and conditions.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
2. Information automatically collected
In summary: Some information – such as IP address and/or browser and device characteristics – is collected automatically when you visit our Sites.
We automatically collect certain information when you visit, use or navigate the Sites. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Sites and other technical information. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
Information collected from other sources
In summary: We may collect limited data from public databases, marketing partners, and other outside sources.
We may obtain information about you from other sources, such as public databases, joint marketing partners, as well as from other third parties. Examples of the information we receive from other sources include social media profile information; marketing leads and search results and links, including paid listings (such as sponsored links).
3. How do we use your information?
In summary: We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your information are
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting datamanager@wmfs.net
(b) We have a contractual obligation
(c) We have a legal obligation
(d) We have a statutory obligation.
Not all of the above will apply to you. We use the personal information collected via our Sites for a variety of business purposes described, aligned to the above lawful basis and we’ve outlined some example specific business reasons below.
We use the information we collect or receive:
To facilitate account creation and logon process. If you choose to link your account with us to a third party account *(such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process.
To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes if this is in accordance with your marketing preferences. You can opt-out of our marketing emails at any time by emailing datamanager@wmfs.net.
To send administrative information to you. We may use your personal information to send you information about a product, service and new feature information and/or information about changes to our terms, conditions, and policies.
To provide, or aid in the provision of, goods or services to you or a company you represent as is required by a request you’ve made or contract/agreement we have with you.
Request Feedback. We may use your information to request feedback and to contact you about your use of our Sites.
To enforce our terms, conditions and policies.
To respond to legal requests and prevent harm. If we receive a legal request, we may need to inspect the data we hold to determine how to respond.
In accordance with any legal, statutory or other purpose as outlines our wider organisational privacy policy.
For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites, products, services, marketing and your experience.
4. Will your information be shared with anyone?
In summary: We only share information with your consent, to comply with laws, to protect your rights, or to fulfil business obligations.
We may process or share data based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
Vendors, Consultants and Other Third-Party Service Providers.
We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf. Examples include payment processing, data analysis, email delivery, booking systems, hosting services, customer service and marketing or software to enhance our website or similar services. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
5. Who will your information be shared with?
In summary: We only share information with the following third parties.
We only share and disclose your information with the following third parties. We have categorised each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us.
Content Optimisation
YouTube – Read their Privacy Policy
Spam Protection
Google reCAPTCHA – Read their privacy policy.
Invoice and Billing
Stripe and PayPal – Read Stripes Privacy Policy – Read Paypal’s Privacy Policy
Web and Mobile Analytics
Google Analytics – Read their Privacy Policy
Hosting
Our website is hosted on a cloud server in the UK, called Brixly UK Ltd. Read their privacy policy here
6. Do we use cookies and other tracking technologies?
In summary: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.
7. How long do we keep your information?
In summary: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, or our organisational privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). Data submitted via website forms is automatically deleted from our site 180 days after submission. However, teams and departments in West Midlands Fire Service that receive this information for a legitimate purpose may hold the data beyond this period, but only as outlined above.
When we have no ongoing legitimate business or legal need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8. How do we keep your information safe?
In summary: We aim to protect your personal information through a system of organisational and technical security measures. More details are available in our organisational privacy policy.
We have implemented appropriate technical and organisational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, the transmission of personal information to and from our Sites is at your own risk. You should only access the services within a secure environment.
9. Do we collect information from minors?
In summary: We do collect and store data about minors, but only when it has been submitted by a parent or guardian and is being used in relation to services being directly provided to those minors or their parents or guardians.
Examples include:
- joining or participating in Fire Cadet groups
- joining or participating in educational activities, such as;
- visits to our Safeside educational centre
- youth arson prevention programmes
- youth road safety and prevention programmes
The above list is not exhaustive. However, we only hold data for as long as is required to perform our duties in relation to these types of activities. Further information on our data storage and privacy can be found on our organisational privacy policy.
We do not knowingly solicit data from or market directly to children under 18 years of age. By using the Sites, you represent that you are at least 18, or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Sites. If we learn that personal information from users less than 18 years of age has been collected that has not been provided by a consenting parent or guardian, we will deactivate the account, or delete the data and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at datamanager@wmfs.net.
10. What are your privacy rights?
In summary: West Midlands Fire Service is based in England so we work under UK law. This means we collect and process data in accordance with the EU General Data Protection Regulation and UK Data Protection Act 2018. This gives you various rights around the data outlined below.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we will respond within the legal statutory time required.
Please contact us at datamanager@wmfs.net if you wish to make a request.
11. Controls for do-not-track features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practise in a revised version of this Privacy Policy.
12. Do we make updates to this policy?
In summary: Yes, we will update this policy as necessary to stay compliant with relevant laws or due to changes in which we process information.
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
13. How can I complain if I’m not happy with how you’ve handled my data?
Contact us with your complaint:
If you have questions, comments or complaints about this policy or how we’ve handled your data, you may contact West Midlands Fire Service, by email at datamanager@wmfs.net, by phone at 03300 589000, or by post to:
West Midlands Fire Service
Take it further
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk