This Privacy Notice is designed to help you understand how and why the counter fraud service processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.
Who are we?
Selby District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR). The Council’s Counter Fraud service is carried out by Veritau Ltd. You can find out more about Veritau on their website: www.veritau.co.uk. The Council has also appointed Veritau Ltd to be its Data Protection Officer. This service is carried out by the Information Governance Team. Their contact details are: Data protection Officer, Veritau Ltd, County Hall, Racecourse Lane, Northallerton, DL7 8AL / firstname.lastname@example.org / 01609 532 526.
What personal information do we collect?
The Counter Fraud team will use any personal data that the Council holds in order to detect and/or prevent criminal activity. This includes, but is not necessarily limited to:
- your basic identifiers (such as name, date of birth, address, and gender);
- your contact details (such as home address(es), email address, and phone numbers);
- details about your family and relationship circumstances;
- details about your involvement with the Council.
The Counter Fraud team will also use any special category data that the Council holds in order to detect and/or prevent criminal activity. This includes, but not necessarily limited to:
- details about your mental or physical health;
- details about your political affiliations or views;
- details about your trade union membership or affiliations;
- details about your religious or philosophical beliefs;
- details about your racial or ethnic origin.
The Counter Fraud team may also use any ‘criminal conviction data’ that the Council may hold in relation to you.
The Counter Fraud team will also create information based on their investigations. This could include, but is not necessarily limited to:
- any information you, or a party to the investigation, provides us with;
- any information passed to us by any other organisation;
- witness statements;
- any relevant correspondence we have had with you or another party to the investigation – including internal correspondence about you;
- any relevant video recording (including CCTV), audio recordings, or images;
- investigation interview records.
Why do we collect your personal information?
The Council has a duty to protect public funds. The Counter Fraud team will use your data to investigate any potential errors and/or fraudulent activity which could lead (but is not limited to) generation of invoices, recovery of monies and prosecution and/or court action being pursued.
How do we use Data Matching?
The council participates in an exercise approximately every two years called the National Fraud Initiative (NFI) to promote the proper spending of public money. This is a data matching exercise organised and managed by the Cabinet Office. Every council in England takes part by providing information relating to the customers and services they supply. The Cabinet Office matches the databases together looking for suspicious details. We then investigate the details the Cabinet Office sends back to us.
Normally every individual whose data is included is informed about NFI, in accordance with our data protection policy and the Cabinet Office's code of practice. This notice, along with disclaimers on the Council’s data collection forms, fulfils that duty.
The Council also undertakes internal data matching exercises as well as regional data matching with neighbouring authorities. This is to further help protect public funds from misuse and identify fraud. This means that we may use your personal data from one and match it against your data from another organisation. Any information we disclose to or receive from neighbouring authorities is governed by a strict information sharing agreement.
Who do we share this information with?
We may get information about you from certain third parties, or give them information to:
- make sure the information is accurate;
- prevent or detect crime;
- protect public funds.
These third parties include the Department for Work and Pensions (DWP), Her Majesty's Revenues and Customs (HMRC), other government departments and other local authorities. We may also provide information for data matching exercises with the Cabinet Office, DWP and credit reference agencies as the law allows.
We may also pass information to the police or another law enforcement agency if we believe a crime has been, or is likely to be, committed.
How long do we keep your information for?
We will keep electronic records for up to six years on conclusion of their use (e.g. at the point an investigation is ended). Where we collect or process information for data matches purposes, we review each project on its own merits and may delete records within six years if it is no longer relevant to hold bulk data which has been used for matching.
What is our lawful basis for processing your information?
The Council processes your personal data for the purposes of crime prevention and/or detection and to ensure the proper use of public funds based on
- Article 6(1) (c) – Processing is necessary for compliance with a legal obligation
- Article 6(1) (e) – Processing is necessary for the performance of a task carried out in the Public Interest
The Council processes your special category data and criminal conviction data, for the purposes of crime prevention and/or detection, based on
- Article 9(2)(g) in pursuance with Schedule 1(6) and (10) of the Data Protection Act 2018 – Processing is necessary for reasons of substantial public interest (legal obligations and preventing/detecting unlawful acts).
This is in pursuance with the following legislative text: The Local Audit and Accountability.