Emergency planning privacy policy

Last Updated: 12 December 2023

We are committed to protecting your personal data and ensuring that it is processed fairly and lawfully.  Information you provide to us will be processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018) and subsequent legislation.

As set out by the Civil Contingencies Act (CCA) 2004 South Lakeland District Council (the Council) has statutory responsibilities and duties as a Category 1 Emergency Responder.  The local authority must plan for, respond to and recover from major incidents in South Lakeland.

The statutory duties placed on the Council as a Category 1 responder includes the anticipation and assessment of risks, production of plans for the purpose of controlling and/ or mitigating the impact of emergency incidents and business disruptions as well as effectively responding to, and recovering from, an emergency.

Purpose of processing

The processing of personal information is necessary for compliance with the statutory requirements of the Civil Contingencies Act 2004.

Legal basis of processing

The legal basis for data processing we are relying on comes from Article 6 of the General Data Protection Regulations (GDPR). The following sections apply:

  • Article 6(1)(c) Legal Obligation - Processing is necessary for compliance with a legal obligation to which the controller is subject;
  • Article 6(1)(d) Vital interest - the processing is necessary to protect someone’s life;
  • Article 6(1)(e) Public task - the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law

Information we process

The personal data we collect and process depends on the function we perform.  Please refer to the below:

Staff / volunteer details

We contact Council staff and volunteers by email to collect the following personal information to support the production and maintenance of effective emergency response and business continuity plans:

  • name
  • personal phone numbers
  • personal email address

Additionally, we access emergency plans that contain personal data which are owned by our partner organisations.

Keyholder information

We invite keyholders of our designated Emergency Assistance Centres to provide:

  • name
  • personal phone numbers
  • email address

so we may contact them if there is a requirement for people to be evacuated to a safe location.

Emergency Assistance Centre registration

Paper records will be used to capture personal details of people evacuated to the Council’s Emergency Assistance Centres as follows:

  • name
  • home address
  • contact details
  • date of birth
  • gender
  • medical, physical, health or social care needs
  • prescription / medication needs
  • next of kin contact details
  • vehicle registration

We will only use your personal data for the purpose for which we collected it which will include the following:

  • to register you at one of our Emergency Assistance Centres
  • to enable us to help meet any identified care and support needs
  • to help you contact relatives and friends following an incident or emergency
  • enquiries can be made to see who is accounted for, and who is missing

Decision logs / meeting records

Information is collected about the decisions made and courses taken by the Council during and after a major incident.  This information may be made available as evidence to support any subsequent debriefs, inquiries or proceedings.

Sharing your information

The CCA places a duty on Category 1 and 2 responders to share information upon request.  To help us provide emergency response services appropriate to your needs both during an incident and throughout the longer-term recovery period, we may share information with others including, but not limited to, Category 1 and Category 2 responders, such as:

  • emergency services
  • NHS agencies
  • health providers
  • utility companies
  • voluntary organisations

Amount of time we hold your information

The information provided will be kept in accordance with our retention policy.

Keeping your information secure

We are committed to protecting personal data and have data policies and procedures in place to ensure that it is safeguarded.

Contact information is held securely on the Council’s ICT network.  A limited number of hard copy emergency plans and emergency telephone directories are produced and stored securely in control rooms and issued to key local authority personnel.  All staff undertake regular training about data protection and managing personal information.

All data is stored electronically on encrypted equipment and is managed using the principles of confidentiality and data protection.

Opting out of the use of your information

You have the right to ask us to stop or restrict the processing of your personal data.  Where possible, we will seek to comply with your request, but we may need to hold or process information to comply with a legal requirement.

The data controller and their contact details

We processes large amounts of personal, special category personal or criminal/law enforcement data, referred to in legislation as a data controller. We are registered with with the Information Commissioner’s Office (ICO).

If you have concerns about the way the council has processed your data, please contact us:

  • dataprotection@westmorlandandfurness.gov.uk
  • Westmorland and Furness Council, South Lakeland House, Lowther Street, Kendal, Cumbria, LA9 4DQ

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner's Office (ICO).

View our privacy notification and privacy statement

Your rights about your data

You have the right to request access to information about you that we hold. To make a request for your personal information, contact our Data Protection Officer, whose details are above.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations.

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office.