Privacy Notice HFSA Training

Privacy Notice for Home Fire Safety Assessment (HFSA) Partnership Training (May 2022 to January 2023)

Data controller: Greater Manchester Combined Authority, Churchgate House, 56 Oxford Street, Manchester M1 6EU
ICO registration reference: Z5119967
Customer enquiries contact details: officeofdpo@greatermanchester-ca.gov.uk
Data Protection Officer: Phillipa Nazari, Greater Manchester Combined Authority

Who we are

The Greater Manchester Combined Authority (GMCA) is made up of the ten Greater Manchester councils, the Greater Manchester Fire and Rescue Service (GMFRS), and the Mayor of Greater Manchester. We work with other local services, businesses, communities and other partners to improve the city-region.

Summary of the event

GMFRS is hosting six online sessions and three face to face sessions for partner organisations to hear about our new Home Fire Safety Assessment (HFSA) offer and ask questions. The sessions are open to any member of staff working in a partner organisation in Greater Manchester who wants to gain a better understanding of;

• What an HFSA is and how it benefits the householder
• How to identify service users who may be at increased risk of fire at home
• How to refer service users to GMFRS for an HFSA
• Fire safety in the home (face to face session only).

What information we will collect from you (the purpose and legal basis for processing information)

The Eventbrite page will ask you your name, company and email address. We ask for this information to ensure that we can contact you with updates about the event. We may also contact you after the event to send further information about the event, ask for feedback or to let you know about other future events.

We may ask about access requirements to ensure that we can meet your needs at an event.

As the GMCA has legal responsibilities for the wellbeing of Greater Manchester residents, and a responsibility to treat them fairly and equally, the legal basis for collecting and using the data will be:

• Article 6 1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

And for the more sensitive data:

• Article 9 2(g) processing is necessary for reasons of substantial public interest

How we ensure the security of your data

The GMCA is committed to providing the appropriate levels of security to the information we collect and we use reasonable measures to prevent unauthorised access to that information. We are required to demonstrate that our solutions meet the required levels of personal, procedural, policy, data and technical security. We will only process personal information for the purposes it has been collected or subsequently authorised.

This platform we use to collect your data is called Eventbrite. The security measures, firewall, access control and administration privileges for Eventbrite have been reviewed and accepted by the GMCA.

The data from this event registration will not be transferred to any other third party for processing.

Information retention

The GMCA will keep your information for two years after the end of the event. We may keep your information in an anonymised format after this time for statistical purposes and in these cases, all personal information will be removed.

Transferring data

Eventbrite physically stores personal data in the United States. In order to ensure that personal data can be lawfully transferred from the EU to our US-based servers, Eventbrite agrees that it will be bound by the Controller-to-Processor Standard Contractual Clauses in the Annex to the European Commission Decision of February 5, 2010, as may be amended or replaced from time to time by the European Commission.

Data sharing

The information collected as part of this survey will only be used by the GMCA for the purposes explained above.

What rights do individuals have?
The GMCA must comply with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018.

Under data protection law, your rights include:

• Your right of access - You have the right to ask us for copies of your personal information.
• Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
• Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
• Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you wish to make a request, please contact us at:

• Email: officeofdpo@greatermanchester-ca.gov.uk
• Post: Office of the DPO GMCA, Churchgate House, 56 Oxford Street, Manchester, M1 6EU

How can I make a complaint?

If you are not satisfied with how the GMCA is using the information we hold about you please contact our Data Protection Officer by emailing officeofdpo@greatermanchester-ca.gov.uk.

If you are still not satisfied with the GMCA’s response to any request to exercise your individual rights or if you believe that the GMCA is not processing your personal data in accordance with the law, you can contact the Information Commissioners’ Office:

• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Telephone: 0303 123 1113