Corporate anti-fraud service privacy notice

This privacy notice explains how the corporate anti fraud service (CAFS) processes personal data relating to members of the public. It also outlines the steps we take to ensure that personal data is protected and describes the rights individuals have in relation to the data we process.

Why we are publishing this notice

The council collects, uses and is responsible for certain personal information about you. We are regulated under the General Data Protection Regulation (GDPR) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. The Data Protection Act 2018 also governs the use of Data and ensures we act within the law.

This privacy notice broadly explains the purpose for processing, the legal basis, categories of personal information collected, who we may share it with and your rights.

It applies to all personal information collected for or on behalf of the council whether by letter, email, face-to-face, telephone, online or any other method.

Data protection officer

Our data protection officer is the council’s data protection office and information about them can be found on the data protection web page

Purpose for processing your information

This authority has a legal duty to protect the public funds it administers, and may use information held about you for all lawful purposes, including but not limited to the prevention and detection of crime including fraud and money laundering.

One of the primary objectives of the council’s Anti-Fraud & Corruption Strategy is to ensure the prevention of fraud and corrupt acts and to ensure that any instances or allegations of these are investigated and dealt with effectively. As part of this strategy we may conduct pro-active counter fraud reviews into transactions and records held across different business areas. They are designed specifically to identify unusual, incorrect or potentially fraudulent transactions.

The legal basis for processing and or sharing your personal information is under article 6(1)(c) and 6(1)(e) of the General Data Protection Regulations. We process your information as part of our compliance with a legal obligation and under our public tasking duties.

The legal basis for Counter Fraud investigations is set out below:

  • Section 151, Local Government Act 1972
  • The Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
  • Local Audit and Accountability Act 2014 (Part 6)
  • Section 68 of the Serious Crime Act 2007
  • Prevention of Social Housing Fraud Act 2013
  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
  • Fraud Act 2006
  • Criminal Procedures and Investigations Act 1996
  • Schedule 2, Data Protection Act 2018
  • The Police & Criminal Evidence Act 1984 (PACE)

As a Local Authority we are required to participate in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. This involves the provision of particular sets of data to the Minister for the Cabinet Office for matching, for each exercise, as detailed on the National Fraud Initiative page from GOV.UK.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information on the National Fraud Initiative privacy notice from GOV.UK

We may disclose information you provide to a Specified Anti-Fraud Organisation (SAFO) for the purposes of preventing fraud. A SAFO enables or facilitates the sharing of information for the prevention of fraud and is specified by an order made by the Secretary of State. Disclosures of information from a public authority to a SAFO are subject to a Code of Practice and this, along with a full list of SAFO’s we may share information with can be found on the Home Office website, see Data sharing for the prevention of fraud, Code of Practice.

We collect and process the following categories of personal information: 

  • Personal and family details
  • Lifestyle and social circumstances
  • Goods and services
  • Financial details
  • Employment and education details
  • Housing needs
  • Visual images, personal appearance and behaviour
  • Licenses or permits held
  • Student and pupil records
  • Business activities
  • Case file information
  • Criminal convictions and offences

We may also collect and process special categories of personal information that may include:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data, biometric data for the purpose of uniquely identifying a person
  • Data concerning health
  • Data concerning a person’s sex life or sexual orientation

How we collect your information

We collect information in a number of ways, for example, by letter, written applications for services, email, face-to-face, other agencies, telephone calls and online forms.

Who we may share your information with

We will share personal information with law enforcement or other authorities if required by applicable law such as:

  • The Cabinet Office
  • Government agencies
  • Specified anti-fraud organisations (SAFOs)
  • The Police
  • Judicial agencies e.g. Courts
  • Department of work and pensions
  • HMRC
  • Local authorities
  • In certain circumstances employers
  • Credit reference agencies
  • Contractors we use to assist us with investigations such as interpreters, transcribers, translators and forensic services suppliers

We will only share information with these organisations where it is appropriate and legal to do so.  We may also share information, for example, if there is a risk of serious harm or threat to life. Where this is necessary, we are required to comply with all aspects of the General Data Protection Regulation and the Data Protection Act 2018.

How do we keep your data secure?

Your personal data will be processed securely. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions. The security, confidentiality and integrity of your data is important to us and this will be reflected in how we secure your data.

How long do we keep your information?

We will only keep your information for as long as is required by law and to provide you with the necessary services.  For further details you can submit a request via the Request for Information page.

We may also anonymise some personal data you provide to us to ensure that you cannot be identified and use this data to allow the Council to effectively target and plan the provision of services.

Your rights and access to your information

You have the right to request a copy of the information that we hold about you. 

The new General Data Protection Regulation also gives you additional rights about the information we hold about you and how we use it, including the right to:

  • Withdraw consent and the right to object and restrict further processing of your data; however, this may affect service delivery to you.
  • Request to have your data deleted where there is no compelling reason for its continued processing and provided that there are no legitimate grounds for retaining it.
  • Request your data to be rectified if it is inaccurate or incomplete.
  • Have your data transferred or copied should you move to another authority.
  • Not be subject to automated decision-making including profiling.

To request information that we hold about you visit our Subject Access Request page.

Changes in your personal circumstances

You must notify us immediately if there are any changes in your circumstances and personal details so we can maintain an accurate and up to date record of your information.

If you have any concerns

You have a right to complain to us if you think we have not complied with our obligation for handling your personal information; please visit our Compliments and Complaints page.

If you are not satisfied with the Council’s response you have a right to complain to the Information Commissioner’s Office (ICO).  You can report a concern by visiting the ICO website.

Changes to our privacy policy

As the Council creates new services or enters into new partnership agreements, this may generate the need to amend the Privacy Notice.  If our Privacy Notice changes at any time in the future, it will be posted on this page.

H&F Anti Fraud and Corruption Strategy


Translate this website