The Data Protection Act 2018 (DPA), and UK General Data Protection Regulation (UK GDPR) protect personal information and ensures that it is handled properly. Personal information is information about ‘you’ the ‘data subject’. It might include your name, date of birth, address or telephone number, the job you do or the place you went to school.
This legislation obliges Royal Berkshire Fire and Rescue Service (RBFRS), as a Data Controller, to manage the information we hold in a proper way. It states that anyone who processes personal data must comply with the key principles:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
Under the legislation, individual rights and the international transfers of personal data are dealt with separately.
The Information Commissioner’s Office (ICO), are the independent authority who regulate and enforce the compliance of the Data Protection legislation. We are required to register as a Data Controller with the ICO
Unless subject to lawful restrictions (exemptions), the Data Protection legislation provides the following rights to individuals:
- The right to be informed (privacy information, which may be provided in the form of a privacy notice)
- The right of access (this is called a Subject Access Request)
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Further information about your personal data rights is available on the ICO website – your data matters page.
Please contact us if you want to make a Subject Access Request or exercise any of your other personal data rights.
Your request can be submitted via letter, or email – to help you do this you can download our Subject Access Request Form. Include your name, contact details and as much detail as possible to assist us in locating the information relevant to your request. You will also be required to provide proof of your identity.
Your Subject Access Rights
Subject to certain exemptions, you have a right to be told whether we hold any information about you (your ‘personal data’) and a right to be provided with a copy of that personal data.
Under Data Protection Legislation, in certain circumstances, we may decide not to provide you with some personal data. For example, we are not likely to provide you with information that identifies other individuals.
There is normally no charge, however, in certain circumstances, we may charge a ‘reasonable fee’ for the administrative costs of complying with your request. If this is the case, we will inform you.
Proof of Identity
We need to be satisfied that you are who you say you are. Consequently, you will also be required to provide evidence of your identity and address.
To help us establish your identity, your application must be accompanied by one document proving identity (list 1) and two documents proving address (list 2). Originals are not required, but can be copied if presented in person.
1. Identity documents
- Current signed passport
- Current photocard driving licence (full or provisional)
- National identity card (not including ID cards issued to UK citizens)
- Valid old style UK driving licence
2. Address documents
- A current photocard driving licence (full or provisional)
- A valid old style UK driving licence
- Current council tax demand letter or statement (no more than three months old)
- Current bank or building society statement or passbook issued by a regulated financial sector firm in the UK, EU or comparable jurisdiction (we cannot accept any documents printed from the internet and they must be no more than three months old)
- Utility bill (recording the company that issued the bill and date of issue. We will not accept any printed from the internet and they must be no more than three months old)
- Inland revenue PAYE coding notice (P2) – current year or Inland Revenue Statement of Account – current tax year.
Data Protection Officer
Royal Berkshire Fire and Rescue Service
Once your request and proof of identity is received and verified, we must respond to your request as quickly as possible, and no later than one calendar month. This time frame may be extended by a maximum of two more months if your request is complex or you have submitted a number of requests.
Your request will be managed by our Data Protection Officer Cath Dukes, or a member of the Information Governance Team.
Please contact us if you have any questions about making a subject access request, or exercising any of your personal data rights.
The information supplied in connection with a Subject Access Request will be used for the purpose of administering this request – Please refer to our privacy notice [adobe pdf] to understand what information we collect about you and your rights under Data Protection Legislation.
RBFRS is committed to protecting your personal data and privacy. We recognise that making sure the personal data we keep about you is accurate and secure is essential to retaining your confidence and trust. For further information, see Privacy and Data Processing.