°ÄÃŽðËãÅÌ×ÊÁÏÃâ·Ñ´óÈ«

Emergency Planning and Business Continuity Privacy Notice

Emergency Planning and Business Continuity Privacy Notice

This privacy notice applies to the Emergency Planning and Business Continuity service provided by °ÄÃŽðËãÅÌ×ÊÁÏÃâ·Ñ´óÈ« and should be read in addition to °ÄÃŽðËãÅÌ×ÊÁÏÃâ·Ñ´óÈ«'s Full Privacy Notice.

Purpose for processing

The service processes personal data in order to deliver the Council’s statutory responsibilities and duties as a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004. The CCA 2004 relates to civil protection and contingency (emergency) planning. This includes processing personal data for the following purposes:

  • to support community resilience by preparing residents for emergencies in advance of incidents/emergencies
  • to create emergency and business continuity plans
  • to collate and share vulnerable persons data with emergency service partners during an emergency incident

Personal information collected and lawful basis

The Emergency Planning and Business Continuity service commits to use anonymised data wherever possible during the risk assessment and planning process. However, during an emergency, it may be necessary to collect the following personal details to protect individuals from harm and to fulfil our statutory duties:

  • names
  • job titles
  • telephone numbers
  • postal addresses
  • email addresses
  • emergency contact details
  • date of birth
  • special needs of individual(s)

We may also process some special category (sensitive) data to ensure that we deliver emergency services appropriate to your needs. This will be relevant to individual cases and may include some of the following but is not limited to:

  • health including disabilities and special needs
  • racial or ethnic origin
  • religious or philosophical beliefs

The legal bases for processing this personal data are:

  • Legal obligation - processing is necessary to comply with the law outlined in section 2 of the Civil Contingencies Act (CCA) 2004 and accompanying regulations (Regulations 45 to 54 of The Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005). Other legislation/regulation supporting this function is:
    • Health and Social Care Act (2014)
    • Control of Major Accident Hazards Regulations 2015
  • Vital interest - processing is necessary to protect someone’s life
  • Public task – processing is necessary to perform a task in the public interest

The special category condition for processing is:

  • health or social care
  • public health

Who we may share your information with

We may need to share the personal information you have given to us or we’ve collected about you with partner organisations where relevant to the individual and/or their care provision. These include but are not limited to:

  • other °ÄÃŽðËãÅÌ×ÊÁÏÃâ·Ñ´óÈ« services
  • emergency services
  • NHS agencies
  • care providers
  • utility companies
  • voluntary organisations
  • other local authorities

Information will only ever be shared when it is strictly necessary to help us provide effective services and you may have the right to refuse. We will not pass it onto any other parties unless required to do so by law or in all reasonable circumstances the disclosure is fair and warranted for the purposes of processing or subject to a data protection exemption.

We have specific data sharing agreements in place with local agencies and sometimes the law requires that we may have to pass your details on to a third party, for example, to prevent crime.

 

How long we will hold your information

The standard record retention periods are as follows:

  • vulnerable persons and premises’ document will be deleted 2 weeks after the incident has closed
  • information relating to Pre-Incident, Incident Response and Incident Response Recovery are retained for a period of 6 years from when the incident is closed, and then deleted
  • information relating to Major Incident Response and Major Incident Recovery are retained for a period of 6 years from when the incident is closed. After that period, the data is anonymised and retained indefinitely

More information about our retention periods can be found in our summary Disposal Schedule (Excel file).

Please note stated retention periods may be subject to any legal holds imposed under the Inquiries Act 2005 that may concern the information and override standard retention periods.

 

Your information rights

You are entitled to a copy, or a description, of the personal data we hold that relates to you, subject to lawful restrictions. Please go to our Make a Data Protection Request webpage to find out how to make a request.

You may be entitled to rectification, restriction, objection, and erasure of your personal information depending on the service and legal basis. Please in the first instance contact dataprotection@worcestershire.gov.uk to exercise these Information Rights or call the main °ÄÃŽðËãÅÌ×ÊÁÏÃâ·Ñ´óÈ« contact telephone number of 01905 765765.

Please see our overarching Privacy Notice for further contact details and if you have a complaint about your information rights

Changes to this notice

We keep this privacy notice under regular review and we will place any updates on this web page. This notice was last updated on 12 October 2022.

Was this page useful?