The Data Protection Act 2018 (DPA), and UK General Data Protection Regulation (UK GDPR) protect personal information and ensures that it is handled properly.  Personal information is information about ‘you’ the ‘data subject’. It might include your name, date of birth, address or telephone number, the job you do or the place you went to school.

This legislation obliges Royal Berkshire Fire and Rescue Service (RBFRS), as a Data Controller, to manage the information we hold in a proper way. It states that anyone who processes personal data must comply with the key principles:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability                        

Under the legislation, individual rights and the international transfers of personal data are dealt with separately. 

The Information Commissioner’s Office (ICO), are the independent authority who regulate and enforce the compliance of the Data Protection legislation.  We are required to register as a Data Controller with the ICO every year. 

Unless subject to lawful restrictions (exemptions), the Data Protection legislation provides the following rights to individuals:

You have the right to be informed of how we collect and use your personal data to fulfil our obligations of fair and transparent processing. Our privacy notices explain this in more detail.

You can make a request to obtain a copy of the personal data that we hold about you by submitting a Subject Access Request (SAR).

You can ask us to correct any incomplete or inaccurate information we hold about you.

This right only applies in certain circumstance and enables you to ask us to delete or remove your personal data. For example, if the data is no longer needed for the purpose that it was originally collected.

You have the right to ask us to suspend or restrict the processing of your data in certain circumstances. For example, if you want us to establish its accuracy or the reason for processing it.

This right enables you to request a copy of your data in an accessible electronic format, that can be transferred to other organisations. This only applies in certain circumstances for example, when you have provided the data to us.

In certain circumstances, you have the right to object to us processing your personal data, for example if it is for direct marketing purposes.

At this time, RBFRS does not process personal data using this method or undertake profiling activities.

Further information about your personal data rights is available on the ICO website – your data matters page.

Please contact us if you want to make a Subject Access Request or exercise any of your other personal data rights. 

We would encourage you to submit your request in writing via email or letter. You can download our Data Subject Request Form to help you with this. Include your name, contact details and as much detail as possible to assist us in locating the information relevant to your request.  You will also have to provide proof of your identity.

Data Subject Request Form [PDF] – open in Adobe Acrobat to use the form fill and sign tools

Data Subject Request Form [WORD DOCX]

Subject to certain exemptions, you have a right to be told whether we hold any information about you (your ‘personal data’) and a right to be provided with a copy of that personal data.

Under Data Protection Legislation, in certain circumstances, we may decide not to provide you with some personal data. For example, we are not likely to provide you with information that identifies other individuals.

There is normally no charge, however, in certain circumstances, we may charge a ‘reasonable fee’ for the administrative costs of complying with your request.  If this is the case, we will inform you.

We need to be satisfied that you are who you say you are. Consequently, you will also be required to provide evidence of your identity and address.

To help us establish your identity, your application must be accompanied by one document proving identity (list 1) and two documents proving address (list 2). Originals are not required, but can be copied if presented in person.

• Current signed passport
• Current photocard driving licence (full or provisional)
• National identity card bearing a photograph of the applicant
• Valid old style UK driving licence 
• EEA member state identity card
• Residence permit issued by the Home Office

• A current photocard driving licence (full or provisional)
• A valid old style UK driving licence
• Current council tax demand letter or statement (no more than three months old)
• Current bank or building society statement or passbook issued by a regulated financial sector firm (no more than three months old)
• Utility bill recording the company that issued the bill and date of issue (no more than three months old)
• Inland revenue PAYE coding notice (P2) current year or Inland Revenue Statement of Account for the current tax year.

Data Protection Officer 
Royal Berkshire Fire and Rescue Service
Newsham Court
Pincents Kiln
Calcot
Reading
Berkshire
RG31 7SD

DataProtection@rbfrs.co.uk   

0118 945 2888

Once your request and proof of identity is received and verified, we must respond to your request as quickly as possible, and no later than one calendar month.  This time frame may be extended by a maximum of two more months if your request is complex or you have submitted a number of requests.

Your request will be managed by our Data Protection Officer Cath Dukes, or a member of the Information Governance Team.

Please contact us if you have any questions about making a subject access request, or exercising any of your personal data rights.

The information supplied in connection with an Individual Rights Request will be used for the purpose of administering the request – please refer to our privacy notice [adobe pdf] to understand what information we collect about you and your rights under Data Protection Legislation.

RBFRS is committed to protecting your personal data and privacy. We recognise that making sure the personal data we keep about you is accurate and secure is essential to retaining your confidence and trust.  For further information, see Privacy and Data Processing.