Data Protection


GDPR (General Data Protection Regulation)

What does the GDPR mean?

Merseyside Fire and Rescue Authority is a large organisation providing a range of services to the community. To administer the services efficiently it is necessary to keep and use information about people. This includes employees (including potential and ex-employees), Fire and Rescue Authority members, volunteers, suppliers and service users.

An increasing proportion of personal information is held in electronic files in addition to manual records. This information is used by authorised staff to provide and improve services provided by Merseyside Fire and Rescue Authority.

What is personal data?

The definition of personal data under the GDPR means any information relating to an identified or identifiable natural person ('data subject') who can be identified directly or indirectly by that data.

What are the six principles of the GDPR?

Merseyside Fire and Rescue Authority wishes to be open about the type and extent of personal data it holds and as a responsible body is committed to following the six principles of the GDPR when dealing with personal information.

The principles set out that personal data will be:

  • Processed lawfully, fairly and in a transparent manner.
  • Collected for specified, explicit and legitimate purposes.
  • Adequate, relevant and limited to what is necessary.
  • Accurate and, where necessary, kept up to date.
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed.
  • Processed in a manner that ensures appropriate security of the personal data.

What are my rights under the GDPR?

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision making and profiling

The GDPR gives people the right to apply for copies of personal data. This application is called a Subject Access Request (SAR).

When a request for personal data is received, Merseyside Fire and Rescue Authority will reply to the request within one month, as required under the GDPR.

No charge applies for supplying the personal data requested. For security purposes and to ensure confidentiality, Merseyside Fire and Rescue Authority will ask potential applicants for evidence to confirm their identity, e.g. driving licence, birth certificate or ID card.

If you would like further information, please contact the Information Management Officer.

If you wish to request Personal Information you should first complete a Subject Access Request Form. Once you have completed the form it should be sent to:

Information Management Officer
Strategy and Performance
Merseyside Fire and Rescue Authority
Fire Service Headquarters
Bridle Road
L30 4YD

Tel: 0151 296 4425