Privacy Policy

Privacy Policy — Estancia Fire Department

Effective Date: April 11, 2026

The Estancia Fire Department (“EFD,” “we,” “us”) is committed to protecting the privacy of our personnel, applicants, and community members. This policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Public Website (estanciafd.org)

  • Event suggestion forms: Name, email, phone (optional), and event details you submit.
  • Career applications: Name, contact information, address, employment history, certifications, and references.
  • Contact forms: Name, email, and message content.
  • Automatic data: IP address, browser type, and pages visited (via standard server logs).

Staff Portal (staff.estanciafd.org)

  • Personal information: Name, date of birth, email, phone, home address, emergency contacts.
  • Employment data: Hire date, member type, role assignments, service level qualifications.
  • Medical records: Physical exam results, medical clearances, exposure reports (stored with encryption at rest).
  • Certifications and training: Certification records, training hours, NFPA compliance data.
  • Background checks: Status and results (restricted to administrators only).
  • Scheduling data: Availability, leave requests, time entries.
  • Performance records: Evaluations, disciplinary records (restricted to administrators).
  • Communications: Internal messages between department personnel.

2. How We Use Your Information

  • Managing department operations, staffing, and scheduling.
  • Tracking certifications, training requirements, and service level qualifications.
  • Processing career and volunteer applications.
  • Generating operational reports for department leadership.
  • Sending notifications about schedules, certifications, and department announcements.
  • Complying with state and federal reporting requirements.
  • Maintaining OSHA exposure records and medical compliance.

3. Data Protection

  • All connections are encrypted via TLS/SSL (HTTPS).
  • Sensitive data (medical records, exposure details, SSNs) is encrypted at rest.
  • Access to sensitive records is restricted by role-based permissions.
  • Sessions are secured with HTTP-only, secure, same-site cookies.
  • API tokens expire after 8 hours of inactivity.
  • Daily security monitoring checks system health and access patterns.

4. HIPAA Compliance

Medical records, physical exam results, and exposure reports are handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA) where applicable. Access to medical data is restricted to the individual and authorized officers. Background check data is restricted to administrators only.

5. Data Sharing

We do not sell or share personal information with third parties except:

  • When required by law, court order, or legal process.
  • In response to valid Inspection of Public Records Act (IPRA) requests, subject to applicable exemptions for personnel and medical records.
  • To state agencies for mandatory certification and compliance reporting.
  • To mutual aid partner agencies during emergency operations (limited to operationally necessary data).

6. Data Retention

Personnel records are retained in accordance with New Mexico Records Retention and Disposition Schedules. Medical and exposure records are retained for the duration required by OSHA (30 years for exposure records). Deleted records are soft-deleted and may be recovered by administrators during the retention period.

7. Your Rights

  • Access: You may view your personal data through the staff portal at any time.
  • Correction: You may request corrections to inaccurate personal information by contacting your supervisor or an administrator.
  • Public Records: Members of the public may submit records requests pursuant to the New Mexico Inspection of Public Records Act (IPRA).

8. Cookies and Tracking

The staff portal uses session cookies for authentication. The public website uses standard WordPress cookies. We do not use third-party advertising trackers. Server logs are retained for security monitoring purposes.

9. Contact

For privacy questions, data requests, or IPRA requests, contact:

Estancia Fire Department
Attn: Records Custodian
P.O. Box 188
Estancia, NM 87016
Email: admin@estanciafd.org

10. Changes to This Policy

This policy may be updated periodically. Changes will be posted on this page with an updated effective date. Continued use of EFD systems after changes constitutes acceptance of the revised policy.

Scroll to Top