Policy for the Emergency Call Handling Service (ECAS)
Please read this policy carefully as it applies to your use of the Emergency Call Handling Service (“the Service”) provided by BT Communications Ireland Limited (“BT”) under contract with the Department of the Environment, Climate and Communications (“DECC”), as well as our website and any related apps. It applies to individuals who use the Service but not to the information we hold about companies or organisations. It also applies to persons generally enquiring about the Service whether or not they actually use the Service.
We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason to process your personal data and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you may ask us to change or sometimes delete it unless certain exceptions apply. This has been written in line with our obligations under the General Data Protection Regulation 2016 and the Data Protection Act 2018 as they apply in the Republic of Ireland.
- Firstly, if you contact the Service, we are entitled to process your information and the information of any other person who needs the Service, in order for us and the emergency services to do our job.
- Secondly, if we collect your information outside of you contacting the service (including where you provide information to us via our website), we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We may also contact you periodically to ensure your information is up to date.
- We do not always need permission. In some cases, we may come to the view that our use falls within one of the other grounds of processing which are; compliance with a legal obligation; necessary to protect the vital interests of a person or necessary for the performance of a task carried out in the public interest (which may arise in emergency situations), or if we believe it is in ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our network against cyber-attacks). When we do this, we must let you know as you may have a right to object and more detail on this is below.
This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for the purpose of providing the Service, we give you information on circumstances in which we may have to, or can choose to, share your information.
This policy doesn’t apply to information about our employees or shareholders. It also doesn’t cover other companies or organisations collecting and using your personal information, except the Department of Environment, Climate and Communications on whose behalf the service is provided by BT.
BT Communications Ireland Limited (“BT”) is the Operator of the Emergency Call Answering Service (ECAS) pursuant to a Concession Agreement between BT and the Department of the Environment, Climate and Communications. ECAS was established under the Communications Regulation (Amendment) Act of 2007, which also included provisions that apply to the operation of the Service.
Accessing and updating how we use your information
As allowed by law, you can access the information we hold about you by contacting us as described below. Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.
We’ll always try to help you with your request, but we can refuse if we believe doing so would have a negative effect on others or the law prevents us. This is particularly true where a call recording contains the personal information of other individuals which it is difficult to separate from your personal information. We will assess all requests for information balancing the rights of all parties involved. And even though we must complete your request free of charge, we are allowed to reject requests in certain circumstances, including where:
- the information you have requested relates to personal data that is not yours or may infringe the rights of another person; or
- you don’t have the right to ask for the information and/or are not in a position to prove that you are the data subject; or
- the requests made are excessive and can’t be extracted to protect the personal data of others; or
- for other reasons necessary and proportionate to safeguard certain objectives of societal or general public interest.
If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.
You can ask us for a copy of the information we hold about you by emailing firstname.lastname@example.org.
If you are seeking data from a call recording, you will be asked to provide further information which may include:
- date and time of the emergency call
- proof of identity
- phone number of mobile or landline used
- Emergency Service requested
- Other information where required to help identify a call
We may accept requests from your representatives at our option, but only if you have provided proper authorisation for us to liaise with them.
It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or you send us a lot of requests at once.
Where you have provided information to us with your consent, other than information that is collected when you use the Service, you can ask us to correct, complete, delete or stop using such information by contacting email@example.com. This will relate to any information you voluntarily provide to us via our website (for example information provided connected to the SMS service). It will take us up to 30 days to process any such requests.
In other cases, we will need to keep information, even if you ask us not to. This could be for legal or regulatory reasons, so that we can keep providing the Service, or for another legitimate reason. But we’ll always tell you why we keep the information.
If we’ve asked for your permission to provide a service, you can withdraw that permission at any time. It’ll take us up to 30 days to do that. And it only applies to how we use your personal information in the future, not what we’ve done in the past.
What information we collect and what we use it for
If you contact ECAS, we will process your information and transfer it to the emergency services. We’ll give them information about you and where you are so they can help. We do this because it is necessary to protect you, or another person, and because it is in our interests to help the emergency services in providing help to you.
This means we’ll:
- record your personal details and the details of any other individuals referred to in your communication or during the course of an emergency call by recording the call from start to finish or recording all SMS messages.
- record the location (e.g. street address, Eircode, or coordinates) of the device you are using where location is provided by the device and send your details and location details to the relevant emergency service to assist in their response to the emergency.
- give information to anyone else who legitimately requires it (for example in the investigation of a criminal matter or to the DECC as required by their obligations and responsibilities relating to the service).
- support you as needed in an emergency.
- use information you give us by consent to support you in an emergency which includes sharing it with the relevant emergency services.
We use the following information in the provision of the Service.
- Any personal detail provided during an emergency call (from start to finish of the call, including after the emergency service is connected), including medical information
- The name and address of the account holder of the calling device where available
- The location of the calling device where available
- Vehicle identification for e-calls from vehicles
- Your communications with us, including voice recording of phone calls, emails, SMS, webchats and phone calls.
- Identification information if we need to verify your identity (usually where you make a request for a call recording)
We use this information to carry out the Service. If this information is not processed or the correct information is not provided, we or the emergency services may not be able to provide you with the right assistance.
We’ll use your personal information if we consider it is in our legitimate business interests, or if we are under a legal obligation or need to protect the vital interests of a person or in a matter of public interest. We use your information to:
- Identify and provide call numbers, origin and detail where required by law or under a lawful request from law enforcement or other authorities
- create aggregated and anonymised information for further use;
- detect and prevent fraud including sharing with other companies so they can protect you against fraud and maintain accurate records; and
- secure and protect our network.
We’ll use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:
- make sure our network is working properly and continuously improve and develop our network, products and services for our customers;
- run management and corporate reporting, research and analytics, and to improve the business; and
- provide other relevant organisations and stakeholders (including DECC, the emergency services and telecommunications operators) with aggregated and anonymous reports
We use the following to generate aggregated and anonymised information.
- Details in relation to the call logistics – including duration, origination and termination details, answer, and release times, call quality.
- Details in relation to the emergency service requested or type of assistance required and other grouping or categorisations of calls.
This means we’ll:
- maintain, develop and test our service (including managing the traffic on our network), to provide you with a better Service;
- train our people to provide you with the Service (but we make the information anonymous beforehand wherever possible);
- make and defend claims to protect our business interests.
We could use the following information to do this.
- Details of the communication type (including contact number) and logistics
- Your communications with us, including call recordings of phone calls, emails, web chats or any other media of communication (and any recordings made).
If we use this information for training, testing, development purposes, defend or bring claims, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our user’s needs.
We’ll use your personal information to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against our equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks.
To do that we use the following information, but only where strictly necessary.
- Your information shared in a communication (including a call recording or SMS)
- Details of how you use the Service – including your call and browser (including IP address) records.
- Content of SMS sent and received in connection with your use of the Service.
We use this personal information because we have a legitimate interest in protecting our network and the Service from attacks and to prevent and detect crime and fraud. We also share it with other organisations (such as the emergency services) who have the same legitimate interests. Doing this helps make sure our Service works properly and helps protect you from attacks.
We might have to release personal information about you to meet our legal and regulatory obligations.
Under investigatory powers legislation, we might have to share personal information about you to government and law-enforcement agencies, such as An Garda Síochána, to help detect and stop crime, prosecute offenders and protect national security. They might ask for the following details.
- Your contact details. This includes your name, gender, address, phone number, date of birth or any other information needed to confirm your identity or location.
- Your communications with us, such as calls, emails, and webchats (and all recordings)
- Details of your use of the Service – including your call and browser (including IP address) records.
We’ll also share personal information about you where we have to legally share it with another person. That might be when a law says we have to share that information or because of a court order.
In limited circumstances, we may also share your information with other public authorities (such as the other emergency services including ambulance or fire service). However, we would need to be satisfied that a request for information is lawful and proportionate (in other words, appropriate to the request). And we would need appropriate assurances about security and how the information is used and how long it is kept.
Protecting your information and how long we keep it
This section is about how we keep your information secure and how long we keep hold of it for. We always follow the law and delete your information when we no longer need to keep it.
We have strict security measures to protect your personal information. We follow strict security procedures and apply suitable technical measures, such as encryption, to protect your information.
We’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. We will not hold your information for longer than 7 (seven) years unless we need to by law.
How to contact us and further details
You can get in touch with our data-protection team by email firstname.lastname@example.org or write to the address below and mark it for their attention.
IDA Business Park
If you want to make a complaint on how we have handled your personal information, please contact us using the details above and we will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For Ireland, that is the Office of the Data Protection Commissioner.