Privacy notice for Financial Planning and Reporting and Fraud

What do we use the information for?

The financial planning and reporting (FPR) team and fraud services collect, process and hold your personal information in order to carry out financial management effectively, including:

• processing payments to employees and elected councillors
• processing payments to external individuals and organisations
• recording transactions on the ledger
• accounting for expenditure and income
• preparing the council’s statutory statement of accounts
• budget setting and budget monitoring
• preparing financial plans and policy setting
• providing financial management information
• providing financial analysis and advice to internal and external customers
• managing trust funds
• preparing, checking and submitting grant claims and returns
• assessment of discretionary discounts for council tax and business rates
• detecting and preventing fraud and loss to the council.

We also use information to improve our services so that they are more appropriate to people’s requirements. We recognise that your personal information is important to you, and we take our responsibilities for ensuring that we collect and manage it proportionately, correctly and safely very seriously.

What information do we hold and use?

The section collects and processes the following types of personal data: 

• Personal information (including full name, full residential address, date of birth)
• Contact details (such as email address, telephone number)
• Characteristics (such as ethnicity, sex, marital status, disability)
• Identifiable information (including NI number, payroll number)
• Bank details for payments
• Details of all payments made in respect of salary (including taxation)
• Pension scheme details (including records of employee and employer contributions)
• Employee absence information including sick days etc.
• Health information gathered to assess eligibility for benefits
• Council tax account details
• Business rate account details
• Housing benefit and rent account details
• Debtor account details.

On what grounds do we use the information?

The FPR team and fraud services collect and lawfully process your personal information under the following:

• Section 151 of the Local Government Act 1972
• Police and Criminal Evidence Act 1984
• Criminal Procedure and Investigations Act 1996 
• Council Tax Reduction Schemes (Detection of Fraud and Enforcement) Regulations 2013•
• Prevention of Social Housing Fraud Act 2013
• Local Government Finance Act 1992. 

We process personal data for the following reasons:

• GDPR Article 6(1)(a) – the data subject has given consent to the processing of his or her personal data for one or more specific purposes
• GDPR Article 6(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract 
• GDPR Article 6(1)(c) – processing is necessary for compliance with legal obligation to which the East Riding of Yorkshire Council is subject
• GDPR Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

We process special category data for the following reason:

• GDPR Article 9(2)(a) - the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject
• GDPR Article 9(2)(g) - processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

How do we collect this information?

We may collect information in the following ways:

• Paper, electronic or online forms
• Email
• Telephone
• Letter
• Face to face, with one of our employees, or one of our partners.

Who do we share your information with?

The FPR team procures systems from various suppliers to support its financial management role. Therefore, we may also disclose your information to these suppliers for the purposes of supporting out systems. The suppliers used include:

• INFOR UK Ltd
  
• Technology One UK Ltd
  
• NatWest Client Monies Services 
  
• Charity Trustees
• HM Revenue and Customs
• Local or foreign courts, tribunals and arbitrators, other judicial committee of enactments of laws.

Fraud services procures the services of various providers to support its financial management role. Therefore, we may also disclose your information to these providers for the purposes of assisting and managing out investigations as to whether fraud has occurred. The providers include:

• INTEC For Business Ltd
  
• Callcredit Public Sector Limited
• National Anti Fraud Network (NAFN)
• The Cabinet Office which undertakes work through the National Fraud Initiative (NFI)
• HM Revenue and Customs
• Department for Work and Pensions
• NHS
• Legal practitioners, tribunals and courts.

The reasons why we may share your data with other public bodies and organisations are as follows:

• To improve our understanding of your needs to enable us to inform you of other relevant services
  
• To monitor and improve our performance and delivery of services
• For the prevention or detection of crime
• For the prevention or detection of financial loss
• Where necessary to protect individuals from the risk of harm or injury
• Where otherwise permitted under the General Data Protection legislation.

We will only disclose your sensitive or confidential information, if we are legally required to do so, or where we have good reason to believe that failing to share the information would put you or someone else at risk of harm.

We will not pass your personal information to external organisations for marketing or sales purposes or for any commercial use without your prior expressed consent.

How long do we store it and is it secure?

The FPR team and fraud services have retention schedules in place that ensure that information is only held for as long as it is needed. We will not keep your information for longer than is required to by law. Your information will be disposed of in a controlled and secure manner in accordance with the council’s Records Management and Data Quality Policy. The council’s IT security and confidentiality policies ensure that your information is protected and accessed only by staff directly involved in your case.  

For information on how long information is held, visit the retention page.

What rights do you have?

The rights that you have depend upon the grounds in which we collected your information. All of the rights you could have are outlined on the data protection rights page. 

In most cases, people will have the following rights:

• The right of access - you are entitled to see the information we hold about you
• The right to rectification - we will amend information accordingly, if any information the service holds about you is incorrect
• The right to restrict processing - you may wish to limit how we use your data 
• The right to object - in addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions
• The right to erasure/right to be forgotten - in certain circumstances, you may be able to ask for some of the information we hold to be deleted. The service has determined that all requests to permanently delete a service user record will be dealt with on an individual basis. 

To exercise any of your above rights, please visit the data protection rights page for more information.

Where can I find out more?

If you would like to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance; contact details are available on the general privacy information page. 

Alternatively, you can contact the Information Commissioner's Office (ICO). The ICO is the UK's independent authority set up to uphold information rights in the public interest and they handle public concerns regarding organisations information rights practices.

 Information Commissioner’s Office (external website)

When was this privacy notice last updated?

We will continually review and update this privacy notice to reflect any changes in our services, feedback from customers, and to comply with any changes in the law. This privacy notice was last updated on 17 May 2021.