This page provides information on how Norfolk County Council’s Resilience Team uses your personal information for its purposes.
It also references how NCC managers, plan updaters and plan owners have access to information when updating plans, reviewing plans and referring to them during an incident.
By ‘use’ we mean the various ways your personal information may be processed including storing and sharing the information.
We also provide further details regarding:
- Who we are
- How long we use your information for
- Your rights under the GDPR, and
- How to exercise them
You can see this information in our general privacy notice or you can ask us for a copy of this information.
What we use your personal information for
We use your personal information primarily to manage and coordinate Norfolk County Council's Resilience resources including:
- Coordinating countywide emergency response and recovery in a potential major emergency, including helping people evacuate their home/area
- Assisting other agencies in incident management, emergency response and coordination of resources
- Supporting district colleagues in the development of local plans to enhance community resilience
- Planning for incidents by producing or supporting the implementation of business continuity and emergency plans and testing them in training and exercises
- Managing emergency contacts for local and national response, either in preparation for, or during, an incident
- Managing volunteers for local and national response, either in preparation for, or during, an incident. This includes previously unknown volunteers who assist during an incident
We also use this information to assess the quality of our services and evaluate and improve our policies and procedures.
We may also use information in other ways compatible with the above.
The information we collect and use
The information we may collect and use may include your:
- Personal details
- Contact details – your address, email address and phone number
- Current employment details if you are a member of another organisation or business
- Contractual information if you are contracted to provide a service or assistance in an emergency
- We also collect health information including any disabilities and medical conditions you may have. Health information is classed as “special category data” under the GDPR.
Who provides this information
The information we hold includes information you have provided to us. We may also receive information from:
- Operational staff
- Other Norfolk County Council departments or services
- Business continuity plan owners and updaters
- IT administrators
- Facilities-management staff
- Elected members
- Wholly-owned companies eg Norse
- Part-funded or partially integrated organisations
- Co-located teams or teams working in partnership – Norfolk Resilience Forum
- Law enforcement agency – the police
- Health bodies – Care Commissioning Groups, NHS Trusts, GP surgeries
- Government department or agency – the Environment Agency, the Health and Safety Executive
- Residential service provider – care homes, domiciliary care, home helps
- Transport service providers
- Support agencies
- External companies
- National independent bodies
- Schools, academies, colleges
- Other businesses/employers
- Voluntary organisations, charities etc
- Other emergency services – Norfolk Fire and Rescue Service, Coastguard
- Armed forces
How the law protects you and the legal basis for processing your information
We have legal grounds to process this information because it is necessary to comply with a legal duty or fulfil a public task. This includes under the:
- Civil Contingencies Act 2004
- Control of Major Accident Hazards Regulations 2015
We also process personal information where it is necessary for the performance of a contract (eg lease, licence, service and maintenance contract).
We have legal grounds to process special category data where it is necessary for reasons in the substantial public interest. This will include where it is necessary to carry out any of our statutory functions. The statutory functions are as set out above.
The GDPR includes safeguards to protect the use of your special category data. Further details can be found in our Special category data and criminal offences data policy, which sets out our procedures for compliance with the principles of the GDPR and the retention and erasure of this information.
Who we share your information with
We may also share your personal information with other organisations and public bodies, in particular:
- Statutory bodies (Environment Agency, police, parish councils, district councils
- Members of the public
- Other local authorities
- Norfolk County Council county councillors
- Other emergency services, armed forces, organisations and businesses responding to a local or national incident or emergency
- Volunteers responding to a local or national incident or emergency
We share this information without your specific consent as it is reasonable and necessary to do so to fulfil our public tasks or it is otherwise in the substantial public interest to do so. The law imposes safeguards to protect your privacy in these circumstances.
Finally, we may also share your information across different departments of Norfolk County Council, where it is necessary for our public tasks or functions to do so.
Automated decision making
We do not make automated decisions about you and your family.
How we keep your information
The information is stored electronically, on Norfolk County Council’s records management system. Additionally, information is securely stored in other mediums, including email accounts and in paper files. We do not process your information outside of the European Economic Area.
This notice was updated in May 2019