ResilienceDirect is an online private 'network' which enables civil protection
practitioners to work together - across geographical and organisational boundaries -
during the planning, preparation, exercising, response and recovery phases of an event or emergency.
This notice sets out how we will use your personal data, and your rights. It is made under Articles
13 and/or 14 of the General Data Protection Regulation (GDPR).
YOUR DATA
Purpose
The purposes for which we are processing your personal data are to operate and provide the
ResilienceDirect Service. The Service helps to facilitate multi-agency collaboration in many ways.
Activities include:
-
● sharing emergency plans among Local Resilience Forum (LRF) members and others such as
national/sub-national partner organisations and neighbouring LRFs
-
● maintaining awareness of forthcoming exercises, events and meetings, and accessing related
documentation such as agendas and minutes
-
● sharing situation reports and briefings between local responders, to enable integrated
management of events and consistent provision of information to the public
-
● gathering and reviewing comments on new policies or plans before publication, and collating
lessons learned following events
-
● managing members contact information to ensure a single, up-to-date version of distribution lists
-
● issuing news and guidance from central government to local responders via ResilienceDirect
-
● communicating situation reports to lead government departments and/or COBR, facilitating
national coordination/action in response to an incident if necessary
The data
We will process the following personal data:
For users:
Names, email addresses (as a minimum), and if provided: telephone numbers, job titles, organisation
For members of the public:
Any information that is recorded by emergency responders such as locations.
Legal basis of processing
The legal basis for processing your personal data is it is necessary for the performance of a task
carried out in the public interest or in the exercise of official authority vested in the data
controller.
The Civil Contingencies Act 2004 requires that emergency responders cooperate and share information
in order to efficiently and effectively prepare for, respond to and recover from, emergencies and
ensure that action is coordinated. ResilienceDirect helps organisations to fulfil these duties by
supporting the adoption of common working practices, and ensuring that key information is readily
and consistently available to users.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions,
religious or philosophical beliefs, or trade union membership, and the processing of genetic data,
biometric data for the purpose of uniquely identifying a natural person, data concerning health or
data concerning a natural person's sex life or sexual orientation.
Our legal basis for processing the sensitive personal data of members of the public involved in
incidents is:
-
- It is necessary for reasons of substantial public interest for the exercise of a function of
the Crown, a Minister of the Crown, or a government department, and
-
- It is necessary to protect your vital interests, or the vital interests of another, where you
or the other person is physically or legally incapable of giving consent.
Recipients
Your personal data will be shared with your employing organisation.
It will also be shared with our IT suppliers who provide:
-
● the ResilienceDirect Service
-
● web hosting for ResilienceDirect
Retention
For users, your personal data will be retained by us for as long as you maintain a ResilienceDirect
account.
For information relating to members of the public involved in incidents, your personal data will be
retained for an indefinite period of time for auditing, judicial reviews, public enquiries and any
other official investigations.
Where personal data has not been obtained from you
Your personal data were obtained by us from your employer (users), or emergency responders (members
of the public).
YOUR RIGHTS
You have the right to request information about how your personal data are processed, and to request
a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a
supplementary statement.
You have the right to request that your personal data is erased if there is no longer a justification
for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that
the processing of your personal data is restricted.
You have the right to object to the processing of your personal data where it is processed for direct
marketing purposes.
You have the right to object to the processing of your personal data.
INTERNATIONAL TRANSFERS
Your data will not be transferred outside the UK.
CONTACT DETAILS
The data controllers for ResilienceDirect are the Cabinet Office and participating organisations acting
jointly. The contact details for the lead data controller are: Cabinet Office, 70 Whitehall, London,
SW1A 2AS, or ResilienceDirect@cabinetoffice.gov.uk.
The contact details for the lead data controller's Data Protection Officer are: Steve Jones, Data
Protection Officer, Cabinet Office, 70 Whitehall, London, SW1A 2AS, or dpo@cabinetoffice.gov.uk.
The Data Protection Officer provides independent advice and monitoring of Cabinet Office's use of
personal information.
COMPLAINTS
If you consider that your personal data has been misused or mishandled, you may make a complaint to the
Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted
at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or 0303
123 1113, or casework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to
your right to seek redress through the courts.