Data Protection Policy

Introduction

The Confederation is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how the Charity collects, uses, stores, and protects personal data in its role supporting improved fire safety through awareness, education, and community engagement.

Scope

This policy applies to all personal data processed by the Charity, including data relating to beneficiaries, contractors, volunteers, donors, and website users.

Lawful Basis for Processing

The Charity processes personal data under the following lawful bases:

  • Consent: where individuals have given clear permission (e.g., signing up for newsletters or training).
  • Contract: where data is required to fulfil a contract (e.g., with contractors).
  • Legal obligation: for compliance with legal or regulatory responsibilities.
  • Legitimate interest: for essential charity operations, where privacy rights are not overridden.

What Personal Data We Collect

The Charity may collect and process the following types of personal data:

  • Name, address, email address, phone number
  • Payment details (for donors or contractors)
  • Communication preferences
  • Feedback from events
  • IP address and website usage data (via cookies, if applicable)

We do not knowingly collect or process special category data unless legally required.

How We Use Personal Data

We use personal data for the following purposes:

  • Administering campaigns, resources, and virtual events
  • Managing contracts and agreements with contractors and volunteers
  • Sending updates and fundraising communications (with consent)
  • Ensuring legal and regulatory compliance
  • Improving our services based on feedback

Data Sharing and Storage

We do not sell or rent personal data. Data may be shared only with:

  • Trusted third-party service providers (e.g., cloud storage, email services), under appropriate data processing agreements
  • HMRC or regulatory authorities where legally required

All data is stored securely, using password protection and encryption where appropriate. As a virtual charity, we use secure cloud-based platforms for document management and communications.

Data Retention

Personal data is kept only for as long as necessary to fulfil the purposes it was collected for. Typically:

  • Financial records: 6 years
  • Event participation records: 2 years
  • Mailing list data: until unsubscribed or after 2 years of inactivity

Data no longer required is securely deleted.

Data Subject Rights

Individuals have the right to:

  • Access their personal data
  • Correct inaccuracies
  • Withdraw consent (where applicable)
  • Request deletion of their data (“right to be forgotten”)
  • Object to or restrict processing

Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting the Data Protection Lead at: [email protected]

Cookies and Website

Our website may use cookies to improve user experience. Where applicable, users will be asked to consent to cookies and can manage preferences at any time.

Policy Governance

The Charity’s trustees are responsible for ensuring data protection compliance. The appointed Data Protection Lead is responsible for day-to-day implementation of this policy.

Contact: Exec Director
Data Protection Lead
Fire Sector Confederation
Email: [email protected]
Registered Charity Number: 1211156Introduction

The Confederation is committed to protecting the privacy and security of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how the Charity collects, uses, stores, and protects personal data in its role supporting improved fire safety through awareness, education, and community engagement.

Scope

This policy applies to all personal data processed by the Charity, including data relating to beneficiaries, contractors, volunteers, donors, and website users.

Lawful Basis for Processing

The Charity processes personal data under the following lawful bases:

  • Consent: where individuals have given clear permission (e.g., signing up for newsletters or training).
  • Contract: where data is required to fulfil a contract (e.g., with contractors).
  • Legal obligation: for compliance with legal or regulatory responsibilities.
  • Legitimate interest: for essential charity operations, where privacy rights are not overridden.

What Personal Data We Collect

The Charity may collect and process the following types of personal data:

  • Name, address, email address, phone number
  • Payment details (for donors or contractors)
  • Communication preferences
  • Feedback from events
  • IP address and website usage data (via cookies, if applicable)

We do not knowingly collect or process special category data unless legally required.

How We Use Personal Data

We use personal data for the following purposes:

  • Administering campaigns, resources, and virtual events
  • Managing contracts and agreements with contractors and volunteers
  • Sending updates and fundraising communications (with consent)
  • Ensuring legal and regulatory compliance
  • Improving our services based on feedback

Data Sharing and Storage

We do not sell or rent personal data. Data may be shared only with:

  • Trusted third-party service providers (e.g., cloud storage, email services), under appropriate data processing agreements
  • HMRC or regulatory authorities where legally required

All data is stored securely, using password protection and encryption where appropriate. As a virtual charity, we use secure cloud-based platforms for document management and communications.

Data Retention

Personal data is kept only for as long as necessary to fulfil the purposes it was collected for. Typically:

  • Financial records: 6 years
  • Event participation records: 2 years
  • Mailing list data: until unsubscribed or after 2 years of inactivity

Data no longer required is securely deleted.

Data Subject Rights

Individuals have the right to:

  • Access their personal data
  • Correct inaccuracies
  • Withdraw consent (where applicable)
  • Request deletion of their data (“right to be forgotten”)
  • Object to or restrict processing

Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting the Data Protection Lead at: [email protected]

Cookies and Website

Our website may use cookies to improve user experience. Where applicable, users will be asked to consent to cookies and can manage preferences at any time.

Policy Governance

The Charity’s trustees are responsible for ensuring data protection compliance. The appointed Data Protection Lead is responsible for day-to-day implementation of this policy.

Contact: Exec Director
Data Protection Lead
Fire Sector Confederation
Email: [email protected]
Registered Charity Number: 1211156