Privacy Policy

Welcome to the National Fire Chiefs Council’s (NFCC) privacy policy.

NFCC respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

This privacy policy is provided in a layered format so you can click through to the specific areas set out below.

  1. Important information and who we are
  2. The data we collect about you
  3. How is your personal data collected?
  4. How we use your personal data
  5. Disclosures of your personal data
  6. International transfers
  7. Data retention
  8. Your legal rights


  1. Important information and who we are

Purpose of this privacy policy

This privacy policy aims to give you information on how NFCC collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, complete surveys and take part in other research exercises, or purchase a product or service.


NFCC is the controller and responsible for your personal data (collectively referred to as NFCC, “we”, “us” or “our” in this privacy policy).

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO by emailing:

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on 17th October 2023.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes, for example if your email address changes.

  1. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, which we have categorised together as follows:

  • We may collect identification data, such as your name and the organisation employing you.
  • We may collect your contact information, such as your email address, postal address and phone number.
  • When you purchase a product or service, we will collect bank account details, payment card information, details about payments to and from you, and other information about the products and services you have purchased.
  • When you visit our website, we may collect internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website (Technical Data).
  • We may record preferences in receiving marketing from us and our third parties, as well as your communication preferences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you or your employer, and you fail to provide that data when requested, we may not be able to perform the contract or service. In this case, we may have to cancel the product or service but we will notify you if this is the case.

  1. How is your personal data collected?

We use different methods to collect data from and about you, including:

  • When you fill in forms or correspond with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • register for events and products;
    • sign up for our newsletters;
    • make enquiries with our teams;
  • when you complete surveys and take part in other research exercises;
  • when you register to be a member of the charity; or [online communities];
  • as you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details;
  • We may also get personal from others such as your employer and other people that we come into contact with as part of the work we do.
  1. How we use your personal data

In summary, we use your personal data in the following circumstances:

  • Where it is necessary to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

We have set out below, a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We will rely on legitimate interests as our legal basis, unless stated otherwise below, and we have identified what our legitimate interests are where appropriate.

  1. If you purchase a product or service (for example if you buy tickets for one of our events), we may collect and process your name, email address, postal address, telephone number and bank details so we can provide the product or service to you. Such processing is necessary for the performance of the contract between us. If we have entered into a contract with your employer then we will process your personal data for our (and your employer’s) legitimate interests in fulfilling the obligations under the contract.
  2. We may also process the feedback you provide us, for example, on our products and services. This processing is necessary for the legitimate interest of improving what we do.
  3. We may process your personal data where you contribute to research and/or as part of a survey response. This is for our legitimate interest in driving improvement and best practice in fire and rescue.
  4. We may use your personal information to identify you and customise our services to you, for example, when you login. This is for our legitimate interest in providing a service suited to you and your legitimate interest in receiving a service tailored to you.
  5. If you are a supplier, we may process your name, job title and business contact information including email addresses and telephone numbers for you, your employees and representatives, this is necessary for our contract with you (where applicable) and for our legitimate interests in maintaining and managing our relationship with you. We may process other information for these purposes, for example, when giving feedback on the service you have provided.
  6. We may contact you to tell you about our work and with information about upcoming events, campaigns, and our products and services, but only when permitted under data protection law. If you tell us that you do not want to be contacted for any of these purposes then we will of course respect that. We will rely on our legitimate interest in marketing our work, events, campaigns, products and services to you, unless we have your consent before contacting you for these reasons. For example, we have a legitimate interest in telling people what we do in order to promote our work and generate engagement.
  7. Regardless of the relationship we have with you, we may need to use your personal data for legal reasons, such as to check that you are complying with our terms and conditions and to enforce our legal rights. We have a legitimate interest in doing this unless we are under a legal obligation or what we are doing is necessary for our contract with you.
  8. We may collect Technical Data by using cookies, such as Google Analytics, to help us analyse trends and patterns in how visitors engage with our website. Cookies are also used to recognise when you return to our website, for example remembering your password when you login. We will seek your consent before setting any non-essential cookies.
  9. We may also use your personal data for our legitimate interests in protecting and supporting our interests and to protect and support the interests of the firefighting community. For example, if you posted something on social media that was critical of the work we do then we may post a response in order to give our perspective.

We do not usually rely on consent as a legal basis for processing your personal data. Where we do rely on consent you have the right to withdraw your consent at any time.  You can find our contact details in section 1 of this privacy notice above.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and using it for that other reason does not breach data protection law.

  1. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the ‘Purposes for which we will use your personal data’ section above.

  • We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
  • Sometimes we may need to share personal data with government as part of the work we do.
  • We may share your personal data with third party service providers who act on our behalf such as IT services providers, cloud storage and event management.
  • If ever in the future, we are considering restructuring the charity, we may share your personal data with the other parties involved and with the relevant professional advisors. This is for our legitimate interest in ensuring that the charity continues to fulfil its objects.
  1. International transfers

 We do not transfer your personal data outside the UK.

  1. Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation.

  1. Your legal rights

You have the right to the following under data protection law:

  • Request a copy of your personal data and certain related information.
  • Request correction of your personal data if it is incorrect or incomplete.
  • Request erasure of your personal data that we hold about you.
  • Object to processing of your personal data in some cases.
  • Request restriction of processing your personal data in certain circumstances.
  • Request transfer of your personal data to you or a third party in a format that can be read by a computer.
  • Right to withdraw consent at any time.

If you wish to exercise any of the rights set out above, please contact our DPO on Please note that these rights do not apply in all cases.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.