ResilienceDirect is an online private ‘network’ which enables civil protection practitioners to work together – across geographical and organisational boundaries – during the planning, preparation, exercising, response and recovery phases of an event or emergency.
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
On gaining access to the ResilienceDirect service, you will have read and accepted the End User Agreement which sets out the terms and conditions of use. From time to time, this Agreement is updated and you are required to re-read and accept it to be able to continue accessing the Service. The latest version is available on the Service.
Your Data
The purposes for which we are processing your personal data are to operate and provide the ResilienceDirect service. The Service helps to facilitate multi-agency collaboration in many ways. Activities include:
-
● sharing emergency plans among Local Resilience Forum (LRF) members and others such as national/sub-national partner organisations and neighbouring LRFs
-
● maintaining awareness of forthcoming exercises, events and meetings, and accessing related documentation such as agendas and minutes
-
● sharing situation reports and briefings between local responders, to enable integrated management of events and consistent provision of information to the public
-
● gathering and reviewing comments on new policies or plans before publication, and collating lessons learned following events
-
● managing members contact information to ensure a single, up-to-date version of distribution lists
-
● issuing news and guidance from central government to local responders via ResilienceDirect
-
● communicating situation reports to lead government departments and/or COBR, facilitating national coordination/action in response to an incident if necessary
The Data
We will process the following personal data:
For users:
● Names, email addresses (as a minimum), and if provided: telephone numbers, job titles, organisation
For members of the public:
● Any information that is recorded by emergency responders, such as locations.
Legal basis of processing
The legal basis for processing your personal data is it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
The Civil Contingencies Act 2004 requires that emergency responding organisations cooperate and share information in order to efficiently and effectively prepare for, respond to and recover from, emergencies and ensure that action is coordinated. ResilienceDirect helps organisations to fulfil these duties by supporting the adoption of common working practices, and ensuring that key information is readily and consistently available to users.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Our legal basis for processing the sensitive personal data of members of the public involved in incidents is:
-
● It is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department, and
-
● It is necessary to protect your vital interests, or the vital interests of another, where you or the other person is physically or legally incapable of giving consent, and
-
● It is a necessary permanent record of an event or incident that could be called upon for the purpose of informing a public inquiry or judicial review.
Recipients
Your personal data will be shared with your employing organisation.
It will also be shared with our IT suppliers who provide:
-
● the ResilienceDirect service
-
● web hosting for ResilienceDirect
How Long We Keep Your Personal Data
We will only keep your personal data for as long as:
-
● the law requires us to
-
● we need it for the purposes listed above
For information relating to members of the public involved in incidents, your personal data may be retained for an indefinite period of time for auditing, judicial reviews, public inquiries and any other official investigations.
Where Personal Data has not been obtained from you
Your personal data were obtained by us from your employer (users), or emergency responders (members of the public).
What Are Your Rights
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data is erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.
You have the right to object to the processing of your personal data.
Where Your Data is Stored
Your data will not be transferred outside the UK.
Cookies Policy
ResilienceDirect puts small files (known as ‘cookies’) on your computer once you have logged in.
These cookies are used across the ResilienceDirect service and are removed at the end of each session.
Changes to this Notice
We may modify or amend this privacy notice at our discretion at any time. When we make changes to this notice, we will amend the last modified date at the top of this page. Any modification or amendment to this privacy notice will be applied to you and your data as of that revision date. We encourage you to periodically review this privacy notice to be informed about how we are protecting your data
Contact Details
The data controllers for ResilienceDirect are the Cabinet Office and participating organisations acting jointly. The contact details for Cabinet Office Data Protection Officer are: DPO@cabinetoffice.gov.uk.The Cabinet Office Data Protection Office is located: Cabinet Office, 70 Whitehall, London SW1A 2AS
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
Questions and Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303 123 1113, or icocasework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
