businessman touching a security icon on a touch screen

How we use your personal information

We collect and use any personal information that you provide us through different means, such as online and paper interactions or forms, telephone, email, fax, or face-to-face contact, or when you visit our website (which logs your internet protocol (IP) address). As the controller of this information, we determine how we manage it:

  • for the purpose for which you provided the information, e.g., services we have provided in relation to fire and rescue services, police and crime, public service reform, productivity and skills related programmes, housing & regeneration, health and wellbeing or the environment and waste management;
  • to communicate with you, provide services and information appropriate to your needs;
  • to monitor our performance in providing services to you, to gather statistical information to allow us to plan future provision of services to you and to obtain your opinion about our services;
  • to meet various legal or contractual requirements;
  • for the prevention and/or detection of crime;
  • to process financial transactions including grants, payments and benefits directly involving us or where we are acting on behalf of other government bodies such as the Department for Work and Pensions
  • to enforce the law in areas such as licensing, planning enforcement, trading standards and food safety including regulatory duties.
  • in the event of civil disasters or emergencies
  • where it is permitted under the Data Protection Act 2018 / UK GDPR, for example, to comply with legal obligations, or for us to seek legal advice or undertake legal proceedings;
  • for marketing purposes to keep you updated on the latest news and services;
  • for home or commercial fire safety assessments
  • for accident investigation and road safety
  • to ensure the health and safety of our staff and members of the public using our services;
  • to manage all types of consultation including online forms
  • to manage all types of complaints and feedback
  • to manage all types of survey including online forms
  • for job applications and employee information
  • for general processing where you have given your consent for us to do so;
  • to improve the experience of visitors to our websites including manage your online and marketing preferences.

We also collect information via CCTV. CCTV helps us to protect our properties, vehicles and premises, to provide a safer environment for people who work at and visit these locations including preventing and investigating crime. For these reasons, the information processed may include:

  • visual images or recordings including people’s faces
  • personal appearance, and behaviours.
  • information may be about employees,
  • customers and clients, going about their daily business
  • offenders and suspected offenders, who access the offices without authorisation
  • members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.

We use also use your information for research purposes to produce statistical information that helps us to prioritise activities, target and plan the provision of services. We ensure that your identity is not revealed where possible when we use your information in this way, it will be specifically to:

  • maintain our own accounts and records
  • support and manage our employees
  • manage our property
  • enable licensing and regulatory activities
  • provide services required by us as a public service
  • prevent crime and prosecute offenders including the use of CCTV
  • administer any corporate activities we are required to carry out as a data controller and as a public authority
  • undertake research
  • provide commercial and non-commercial activities that we undertake as a public body
  • support internal financial and corporate functions
  • manage archived records for historical and research reasons
  • undertake data matching for local and national fraud initiatives
  • improve public health
  • assist in disputes or potential cases of malpractice
  • investigate complaints

We may also use your information to help to target some of our services and let you know what information or activities may be available to help you. This may include:

  • promoting the services we provide
  • marketing, for instance related to our local tourism
  • carrying out health and public awareness campaigns
  • providing leisure and cultural services
  • local fraud initiative
  • national fraud initiative
  • carrying out surveys

When communicating to you electronically we will abide by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

We use a range of organisations to either store personal information or help deliver our services to you and where we are permitted to do so by law.

The following is a broad summary of the types of organisations your personal information may be shared with


To provide appropriate, timely and effective services, we may share basic information about you such as your name or address between departments within the four bodies mentioned in the introduction to this Privacy Notice (GMCA, GMFRS, PCC and GMWR). This is so we can keep your information as up to date as possible and so we can improve our services to you. However, we ensure that staff within these shared services can only access the information they need in order to do their job.

Partner organisations under Data Sharing Agreements or protocols:

We have data sharing arrangements in place with local agencies and partner organisations, who we work with to provide certain services to you. For example, we may sign up to or follow local or national protocols, such as the National Fraud Initiative, which requires us to share particular personal information in a certain way. Therefore, under data sharing arrangements, certain personal information is shared for a specific purpose. The agency or organisation receiving the information must only use that information as outlined within that data sharing agreement so that they can to carry out that specific tasks in line with the agreed purpose. They must always keep your data safe and secure and process it lawfully as outlined in that agreement.

Third Parties:

We may have to share your personal information with a third party if the law requires us to do so. For example, we may provide your information to the courts, either because they have ordered us to do so, or because we need a court order for something (e.g., to prevent or detect crime). In all cases, we will follow data protection laws when we share data internally or externally.

We may also share your information with a third party even if the law does not oblige us to do so, if we think that there is a very important reason for doing so. However, we will only override your privacy right if the risk is serious. This is rare, but we may share your information in order to:

  • find and stop crime and fraud;
  • protect the public, our staff or other professionals against any serious risks
  • protect a child, for example where we suspect they may be subject to abuse, their needs are not being met, or they are at risk in some other way;
  • protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them

Some of the third parties that we may share your personal information with are (but not limited to):

  • those who assist us in providing services, and who perform technical operations such as data storage and data hosting for us.
  • families, guardians, carers, associates and representatives of the people whose personal data we are processing (including legal advisers and counsel);
  • local and central government departments (such as the Cabinet Office, Ministry of Housing, Communities & Local Government, the Department for Work and Pensions, Her Majesty's Revenues and Customs, Border Agency);
  • Local Authorities
  • Greater Manchester Police or other UK police forces.
  • Other UK Fire and Rescue Services
  • debt collection and tracing agencies;
  • current, past and prospective employers;
  • educators and examining bodies;
  • hospitals, GPs or other healthcare, social and welfare organisations;
  • providers of goods and services;
  • financial organisations;
  • business
  • private investigators;
  • press and the media;
  • professional advisors and consultants;
  • professional bodies;
  • housing associations and landlords;
  • voluntary and charitable organisations;
  • religious organisations;
  • the National Fraud Agency;
  • ombudsman and regulatory authorities;
  • courts and tribunals;
  • enforcement agents;
  • regulatory bodies;
  • law enforcement and prosecuting authorities, including international law enforcement and examining bodies;

Research and evaluation partners

In addition to sharing information to improve the delivery of services, we may also share information with other service providers, survey and research organisations to create statistical and anonymised or pseudonymised data to:

  • better plan how we provide services to our community;
  • help improve services and to make sure they are effective;
  • be published in various reports that will be publicly available;
  • improve the health of the population as a whole

Where we anonymise the data, we make sure that it does not reveal you, your family or any individual person. This means that any information that shows who you are, or your family or carers will be removed before the results of any research or evaluation that we or others publish (including in public reports).

When we pseudonymise data, this type of personal data will be processed in a way that makes it harder to identify you, your family or carers. We will use pseudonymised techniques such as replacing, removing or transforming information that identifies specific individuals such as names, addresses, phone numbers, etc., and keep that information separate from the rest of the data. For example, a name can be replaced with a unique number or a code.

The data used for research and evaluation will not have any impact on you because it will not be used to make any decisions about you or affect your rights or benefits. It will only assist us to improve the quality, effectiveness, and delivery of help across Greater Manchester by providing us with insights and feedback on our services and the needs of the people we help.

We may need to either:

  • use your personal information for a different reason than we originally told you because our purpose for using your personal information has changed; or
  • use your information for an extra reason and we did not tell you about this in either this privacy notice or the privacy notice of the specific service using your personal information.

If we need to do this, unless the new reason is compatible with our original purpose, we will generally provide you with a new or updated privacy notice. This will explain the new or additional reason we need to use your personal information, and on what legal basis we can do so. This will be given before we begin to use information we already hold. The exception to this is where we obtained your information from a third party, and it would be impossible or disproportionate for us to provide you with a new privacy notice. If this happens, we will publish the new privacy notice on our website with the same right to object to the additional use of your personal information.

Before we share your information with anyone, we may conduct a Data Protection Impact Assessment (DPIA) and record the outcomes accordingly. These include but are not limited to:

  • What specific information will be shared
  • The reason for the sharing
  • The legal basis for the sharing
  • An assessment of the potential risks that the sharing would pose and how we minimise them
  • How the information will be kept safe

However, a DPIA is not required for all data sharing, but only if it is likely to result in a high risk to individuals or involves sensitive information.

The Information Commissioner’s Office have issued a Code of Practice (external website), that explains the process we must go through when we complete a DPIA.

Find out more about how and when it is appropriate to share your information from the Information Commissioner’s website (external website).

Where we share your information with other people and organisations who help us provide our services to you, these providers are legally obligated to keep your details safe and secure at all times and only use your personal information to provide the service to you according to our instructions.

We will always ensure we have a legal basis for processing or sharing your personal information and that we abide by the UK GDPR and Data Protection Act 2018. Anyone who works with us must follow the same strict rules we do when using your personal information.

We will not sell or give your personal information to a third party for marketing purposes without your consent.

We are a Public Authority, and we have legal powers and duties to provide services to residents across Greater Manchester. We can use your information to help us deliver these services. This means we are a ‘data controller and processor’ under Article 4 (7) and 4 (8) of the UK GDPR. Some of the legal acts and regulations that allow us and empower us to provide our services to you are:

  • Localism Act 2011
  • The GMCA Order 2011
  • Health and Social Care (Safety and Quality) Act 2015
  • Children Act 2004
  • Health and Social Care Act 2001
  • Health and Social Care (Community Health and Standards) Act 2003
  • National Health Service Act 2006
  • Social Security (Claims and Information) Regulations 1999
  • Care Act 2014
  • Crime and Disorder Act 1998
  • Housing Act 1996
  • Homelessness Act 2002
  • Education Act 2011
  • Education and Skills Act 2008
  • Fire and Rescue Services Act 2004
  • Regulatory Reform (Fire Safety) Order 2005
  • Environmental Protection Act 1990
  • Environment Act 1995
  • Police Reform and Social Responsibility Act 2011
  • Transport Acts 1968 and 1985,
  • 2000 Local Transport Act 2008,
  • Buses Act 2017
  • Climate Change and Sustainable Energy Act 2006

To ensure that our data processing activities comply with the law, we will follow this and other relevant legislation.