Emergency planning privacy notice

How your information will be held and processed by Emergency Planning services.

Emergency planning privacy notice

Published date – 12/02/2019
Review date - 1 April 2019

What services are being provided? 

Department/ Directorate: Emergency Planning, Financial Services

The Emergency Planning and Resilience Team  delivers the Local Authority’s statutory responsibilities and duties as a Category 1 Emergency Responder as set out by the Civil Contingencies Act (CCA) 2004. THE CCA 2004 relates to civil protection and contingency (emergency) planning.

The local authority must plan and prepare for, respond to, and recovery from emergencies.

The statutory duties placed on the local authority as a Category 1 responder includes the anticipation and assessment of risks, production of plans for the purpose of controlling or mitigating the impact of emergency incidents and business disruptions as well as effectively responding to, and recovering from, an emergency.

View the full list of statutory duties for Category 1 and 2 responders

What personal data do we need from you? 

The Emergency Planning and Resilience Team holds and maintains the contact details of organisations and individuals who can help provide emergency relief services which may be called upon in the event of an emergency, for example the contact details of key holders of pre-designated reception centres.

The Emergency Planning and Resilience Team commits to use anonymised data wherever possible during the risk assessment and planning process. However, during an emergency, in order to protect individuals from harm and to fulfil our statutory duties, we may collect and use, but not limited to the following personal data:

  • telephone numbers
  • address
  • postcode
  • emergency contact details
  • date of birth
  • common identifier number / NHS Number / Social Care Reference Number

 Special category (sensitive) data? 

In order that we may deliver emergency response services appropriate to your needs we may also ask for the following ‘special category’ (sensitive) information about you which may include, but not limited to:

  • health
  • gender

We may also receive personal information about you from others

The CCA and accompanying regulations (Regulations 45 to 54 of The Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005) places a duty on Category 1 and 2 responders to share information upon request which relates to the performance of their duties or functions relating to the preparedness, response and recovery stages of an emergency. Personal data can be requested and the responder receiving the request must comply unless an exemption applies.

To help us provide emergency response services appropriate to your needs we may receive personal information about from others including, but not limited to, Category 1 and Category 2 responders, such as:

  • Other  Bournemouth Borough Council departments/directorates e.g. Social Care family members
  • community members
  • care providers
  • emergency services
  • NHS agencies
  • utility companies
  • other local authorities

Who will be using your personal information? 

To help us provide effective emergency response and to ensure we provide the services appropriate to your needs both during an incident and throughout the longer-term recovery period the following organisations or departments may use the information you provide:

  • Bournemouth BC Adult’s and Children’s Social Care
  • Bournemouth BC Geographical Information Systems (GIS) in the instances of vulnerability mapping
  • Health providers

The Data Controller is Bournemouth Borough Council

The Data Protection Officer for Bournemouth Borough Council may be contacted at the below address:

Data Protection Officer

Bournemouth & Poole Information Governance Team

Bournemouth Borough Council

Town Hall

Bournemouth

BH2 6DY

What will your information be used for and what is the lawful basis for requesting and using it?

Your information will be used for:

The purposes of delivering effective emergency response, protecting the citizens of Bournemouth from harm.

Note: If we cannot use your data, we may not be able to provide you with these services, etc. 

Our lawful or legal basis for using your information can be found here 

Article 6.1(e) of the GDPR: “Public Task”

 “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”, or

Article 6.1(d) of the GDPR: “Vital interests”

 “processing is necessary in order to protect the vital interests of the data subject or of another natural person”, and;

Authorised by the Civil Contingencies Act 2004.

With which other organisations may we share your data? 

In some cases we may have to share your personal information with other agencies such as:

The CCA and accompanying regulations (Regulations 45 to 54 of The Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005) places a duty on Category 1 and 2 responders to share information upon request which relates to the performance of their duties or functions relating to the preparedness, response and recovery stages of an emergency. Personal data can be requested and the responder receiving the request must comply unless an exemption applies.

To help us provide emergency response services appropriate to your needs the following organisations or departments, but not limited to, may use the information you provide:

  • emergency services
  • NHS agencies
  • other local authorities
  • social care
  • voluntary organisations

Will your data be stored in, processed or accessible from countries outside the UK, EU or EEA countries? 

No

Some of your data will be stored, processed or accessible in the following countries: N/A

How long will we keep your data? 

We review personal data held for the purposes of emergency response activation at a minimum every three years and will destroy the personal data if it has been superseded. If your personal data was acquired during an emergency incident we will endeavour to delete your data as soon as our use has concluded.

For legal and operational reasons Bournemouth Borough Council will retain all data/relating to emergencies for 3 years at which point retention will be reviewed. 

Our use of your data will be subject to your legal rights as described at the ICO.

Visit the following links for more information about privacy law, our obligations and your rights.

Your Data Matters - Information Commissioners Office (ICO)
The ICO Guide to the General Data Protection Regulation (GDPR)

If you have a concern or issue regarding how we are using your information

We would ask you to contact us in the first instance. Please use the address below:

Customer Services

Bournemouth Borough Council

Town Hall

Bournemouth

BH6 2DY

Telephone 01202 451451

Alternatively you can email us with your questions.

Where can I get advice?

We have a Data Protection Officer who makes sure we respect your rights and follow the law.

If you have any concerns or questions about how we look after your personal information

Please contact the Data Protection Officer, Vivien Bateman, at information.governance@bournemouth.gov.uk

If you still have concerns following our response you have the right to raise the matter with the Information Commissioners Office: