Corporate Fraud Privacy Notice

This Privacy Notice is designed to help you understand how and why the corporate fraud service processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.

Who are we?

Bassetlaw District Council is a ‘Data Controller’ as defined by Article 4(7) of the General Data Protection Regulation (GDPR). 

What personal information do we collect?

The Corporate Fraud team will use any personal data that the Council holds in order to detect and/or prevent criminal activity. This includes, but is not necessarily limited to:

  • your basic identifiers (such as name, date of birth, address, and gender);
  • your contact details (such as home address(es), email address, and phone numbers);
  • details about your family and relationship circumstances;
  • details about your involvement with the Council.

The Corporate Fraud team will also use any special category data that the Council holds in order to detect and/or prevent criminal activity.

The Corporate Fraud team may also use any ‘criminal conviction data’ that the Council may hold in relation to you.

The Corporate Fraud team will also create information based on their investigations. This could include, but is not necessarily limited to:

  • any information you, or a party to the investigation, provides us with;
  • any information passed to us by any other organisation;
  • witness statements;
  • any relevant correspondence we have had with you or another party to the investigation – including internal correspondence about you;
  • any relevant video recording (including CCTV), audio recordings,  or images;
  • investigation interview records.

Why do we collect your personal information?

The Council has a duty to protect public funds. The Corporate Fraud team will use your data to investigate any potential errors and/or fraudulent activity which could lead (but is not limited to) generation of invoices, recovery of monies and prosecution and/or court action being pursued.

How do we use Data Matching?

The council participates in an exercise approximately every two years called the National Fraud Initiative (NFI) to promote the proper spending of public money. This is a data matching exercise organised and managed by the Cabinet Office.  Every council in England takes part by providing information relating to the customers and services they supply. The Cabinet Office matches the databases together looking for suspicious details. We then investigate the details the Cabinet Office sends back to us.

See here for more information about how the Cabinet uses your data.

Normally every individual whose data is included is informed about NFI, in accordance with our data protection policy and the Cabinet Office's code of practice. This notice, along with disclaimers on the Council’s data collection forms, fulfils that duty.

The Council also undertakes internal data matching exercises. This is to further help protect public funds from misuse and identify fraud.  This means that we may use your personal data from one and match it against your data from another organisation. Any information we disclose to or receive from neighbouring authorities is governed by a strict information sharing agreement.

Who do we share this information with?

We may get information about you from certain third parties, or give them information to:

  • make sure the information is accurate;
  • prevent or detect crime;
  • protect public funds.

These third parties include the Department for Work and Pensions (DWP), Her Majesty's Revenues and Customs (HMRC), other government departments and other local authorities.  We may also provide information for data matching exercises with the Cabinet Office, DWP and credit reference agencies as the law allows.

We may also pass information to the police or another law enforcement agency if we believe a crime has been, or is likely to be, committed.

How long do we keep your information for?

We will keep electronic records for up to six years on conclusion of their use (e.g. at the point an investigation is ended).  Where we collect or process information for data matches purposes, we review each project on its own merits and may delete records within six years if it is no longer relevant to hold bulk data which has been used for matching.

What is our lawful basis for processing your information?

The Council processes your personal data for the purposes of crime prevention and/or detection and to ensure the proper use of public funds based on

  • Article 6(1) (c) – Processing is necessary for compliance with a legal obligation
  • Article 6(1) (e) – Processing is necessary for the performance of a task carried out in the Public Interest

The Council processes your special category data and criminal conviction data, for the purposes of crime prevention and/or detection, based on

  • Article 9(2)(g) in pursuance with Schedule 1(6) and (10) of the Data Protection Act 2018 – Processing is necessary for reasons of substantial public interest (legal obligations and preventing/detecting unlawful acts).

This is in pursuance with the following legislative text: The Local Audit and Accountability.

Protecting your personal data

We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the personal information that we hold.

We do not currently transfer your data to any third country or international organisation.

Research and statistics

Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.

Your rights

There are a number of rights that you may exercise depending on the legal basis for processing your personal data. In most cases, these rights are not absolute and there may be compelling or overriding legal reasons why we cannot meet these rights in full. This will be explained to you in more detail should you contact us for any of the reasons detailed below:

  • Request a copy of the personal information the council holds about you
  • To have any inaccuracies corrected
  • To have your personal data erased
  • To place a restriction on the council’s processing of your data
  • To object to processing and
  • To request your data to be ported (data portability)
  • To object to any automated decision-making including profiling and the right to ask for any automated decision-making to be reviewed by a human

Where the processing of your personal data is based on your consent, in most circumstances, you have the right to withdraw that consent at any time and we will act on your instructions.

For more information about how the Council may use your data and to learn more about your rights please see the Council’s Privacy Statement.

If you have any concerns or questions about how your personal data is processed, please contact the Council’s Data Protection Officer at the above address or by email to DataProtectionOfficer@bassetlaw.gov.uk. If you remain dissatisfied with the Council’s response, you can complain to the Information Commissioner's Office in writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone 0303 123 1113 (local rate) or 01625 545 745.


Last Updated on Monday, September 11, 2023