Privacy notice for Financial Services (including Insurance)

What do we use the information for?

Financial services comprises of four accountancy teams: a systems team, a creditor payments team, a strategic pay services team, and an insurance team. These teams process and hold your personal information in order to carry out financial management effectively, including:

• processing payments external individuals
• processing payments to employees and elected councillors
• procurement card administration
• recording transactions on the ledger
• accounting for expenditure and income
• budget setting and budget monitoring
• providing financial management information
• costing staffing budgets
• providing financial analysis and advice to internal and external customers  
• management of corporate appointee accounts
• submission of grant funding claims.
• administering prepaid cards for direct payment clients
• managing school budgets
• high needs top-up payments
• looked after children payments
• adoption and other carer allowances payments
• monitoring and payments for social care placements  
• calculating and setting council housing rents
• administration of employee car loans and leases
• managing insurance claims from the public, employees and clients
• management of the section and all related policies including attendance, performance, conduct etc.

We also use information to improve our services so that they are more appropriate to people’s requirements.  We recognise that your personal information is important to you, and we take our responsibilities for ensuring that we collect and manage it proportionately, correctly and safely very seriously.

What information do we hold and use?

We collect and process the following information:

• Personal information (including full name, full residential address, date of birth)
• Contact details (such as email address, telephone number)
• Characteristics (such as ethnicity, sex, marital status, disability)
• Identifiable information (such as NI number payroll number)
• Bank details for invoices/ payments
• Details of all payments made in respect of salary (including taxation)
• Pension scheme details (including records of employee and employer contributions)
• Employee absence information including holidays and sick days etc.
• Private vehicle details (including registration number plate).

For insurance claims, we may also collect and process the following additional information:

• Medical reports
• Social care records
• School records
• Tenancy agreements
• Occupational Health records
• Personnel records.

On what grounds do we use the information?

Financial services collect and lawfully process your personal information under the following: 

• Local Government Act 1972 
• Ministry of Justice Civil Procedure Rules.

We process personal data for the following reasons: 

• GDPR Article 6(1)(a) - the data subject has given consent to the processing of his or her personal data for one or more specific purposes
• GDPR Article 6(1)(b) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
• GDPR Article 6(1)(c) - processing is necessary for compliance with legal obligation to which the East Riding of Yorkshire Council is subject
• GDPR Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We process special category data for the following reasons: 

• GDPR Article 9(2)(a) - the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject.

How do we collect this information?

We may collect information in the following ways: 

• Paper, electronic or online form
• Email
• Letter
• Telephone
• Face to face, with one of our employers, or one of our partners
• From third-party sources who have a duty to share information to enable us to meet our statutory obligations (including the police, insurance providers and solicitors)
• From relevant council departments or schools.

Who do we share your information with?

We may disclose your information to others, but only where this is necessary either to comply with our legal obligations or as permitted by Data Protection legislation. We may share it with other public service bodies including HM Revenue and Customs, insurance providers, solicitors, the police, local courts, tribunals and arbitrators, and other local authorities.

Financial Services procures systems from various suppliers to support its financial management role. Therefore, we may disclose your information to these suppliers  for the purposes of supporting our systems. The suppliers used include:

• INFOR UK Ltd
• Technology One UK Ltd
• Orovia Group Ltd
• Transforce BV
• NatWest Client Monies Services 
• allpay Ltd
• PAS Ltd
• JC Applications Development Ltd
• Esphera Solutions Ltd. 

The reasons why we may share your data with other public bodies and organisations are as follows:

• To improve our understanding of your needs to enable us to inform you of other relevant services
• To monitor and improve our performance and delivery of services
• For the prevention or detection of crime, or the apprehension or prosecution of offenders, where the offence involves the unlawful use of public money or an unlawful claim for payment out of public money
• Where necessary to protect individuals from the risk of harm or injury
• Where otherwise permitted under the General Data Protection legislation.

We will only disclose your sensitive or confidential information if we are legally required to do so, or where we have good reason to believe that failing to share the information would put you or someone else at risk of harm.

We will not pass your personal information to external organisations for marketing or sales purposes or for any commercial use without your prior expressed consent.

How long do we store it and is it secure?

Financial services have a retention schedule in place that ensure information is only held for as long as it is needed. We will not keep your information for longer than is required to by law. Your information will be disposed of in a controlled and secure manner in accordance with the council’s Records Management and Data Quality Policy. The council’s IT security and confidentiality policies ensure that your information is protected, and accessed only by staff directly involved in your case.  

For information on how long your information will be held visit the retention page.

What rights do you have?

The rights that you have depend upon the grounds on which we collected your information.  All of the rights you could have are outlined on the data protection rights page. 

In most cases, people who have been involved with Financial Services will have the following rights:

• The right of access - you are entitled to see the information we hold about you. 
• The right to rectification -  we will amend information accordingly, if any information the service holds about you is incorrect.
• The right to restrict processing -  you may wish us to limit how we use your data. 
• The right to object - in addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions.
• The right to erasure / right to be forgotten - in certain circumstances, you may be able to ask for some of the information we hold to be deleted. The service has determined that all requests to permanently delete a service user record will be dealt with on an individual basis.

To exercise any of your above rights, please visit the data protection rights page for more information.

Where can I find out more?

If you want to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance; contact details are available on the general privacy information page. Alternatively, you can contact the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest and they handle public concerns regarding organisations information rights practices. 

Information Commissioner’s Office (external website) 

When was this privacy notice last updated?

We will continually review and update this privacy notice to reflect any changes in our services, feedback from customers, and to comply with any changes in the law. This privacy notice was last updated on 29 January 2021.