Audit and Insurance Privacy Notice
Who are we and what do we do
Commercialisation and Improvement is part of Gateshead Council. We are based at the Civic Centre, Gateshead and encompass the following teams:
Internal Audit
Internal Audit is an independent function of the Council. It provides assurance to the Council on risk management, control, fraud and governance processes.
Fraud and fraud data management
The Corporate Fraud Team investigates any instance of fraud. They take all necessary action to hold perpetrators to account and reduce losses.
They also coordinate the Council's participation in the National Fraud Initiative (NFI). The NFI is a data-matching exercise, currently run by the Cabinet Office under its statutory powers. Find more information on the NFI's work on our NFI webpage.
We conduct data matching and analytical exercises using data warehousing software. This meets the Counter Fraud and Corruption Strategy to seek out fraud and error in at-risk areas.
Insurance
The Insurance Team arranges the Council's insurances. It also manages insurance claims from the public, employees and clients.
This privacy notice provides specific information about how these teams processes your personal data. It is an addition to the information contained in our Corporate privacy notice.
What type of information is collected about you
We collect personal information to understand your needs and provide services. Information may include:
- name
- address
- email address
- telephone number
- date of birth
- bank statements
- current employment and employment history
- details of family and household members
- financial information
- National Insurance or NHS number
- identity information (such as passports, driving licences, birth certificates)
- vehicle information
- health information, such as evidence of injuries for an insurance claim or evidence to assist investigations into potential blue badge fraud or direct payment fraud
- images, photographs and video footage
- information obtained with Data Protection Act (DPA) exemption, such as Council Tax or Benefits, Electoral Roll, tenancy records or registration records
- information required under the Prevention of Social Housing Fraud Act 2013 or Council Tax Reduction Scheme Regulations
- intelligence from the police or other Government agencies, including witness statements
- open-source information such as Facebook profile data
- pay slips
- utility bills
How we collect information about you
We collect information about you from various sources to ensure that we meet your needs, including:
- application forms and supporting information we already hold
- direct communication with you
- direct from you when you submit a request, for example, from an insurance claim
- in investigating, personal information is gathered from numerous sources such as council records, external organisations, third parties, witnesses and the investigation subject
- Internal Audit can access all information supplied to Council departments by customers, staff, suppliers and other third parties
- online research
- third parties such as fraud referrals received by the Corporate Fraud Team or information from relevant health professionals in relation to any claims or investigations
We receive monthly personal data extracts from warehousing software for the following areas:
- blue badges
- business rates
- Council tax
- Council tax reduction claims
- Electoral roll
- Gateshead Council payroll
- Gateshead Council pension
- housing rents
- housing waiting list
Extracts are used to prevent and detect fraud across these service areas in real time. We are currently reviewing further data extracts and this list will continue to grow.
Why we need your information
We need this information to allow the council to prevent, detect and prosecute fraud. We have a duty to protect the public purse from fraud and corruption. We must maintain strong defences by effective directing of resources to mitigate risk.
Gateshead Council opposes fraud and corruption in all forms. and advocates a zero-tolerance approach. Fraud and corruption cheat local taxpayers and undermine the aims of our council to achieve its vision of 'Making Gateshead a place where everyone thrives', by providing value for money services in an open, honest and accountable way.
Where we discover fraud we will take all necessary action to hold perpetrators to account and ensure minimal loss. Our specialist teams investigate and assist with any fraudulent activity, including insurance claims.
We must verify the information you supply is correct and accurate. Where necessary, we verify your information with other councils and Government departments.
We intend to continue with existing data matching arrangements. We will explore other opportunities where possible. We will do this internally between services and externally with neighbouring councils. We will also develop links with external agencies to enhance information sharing opportunities.
We undertake data matching to assist the corporate framework in countering fraudulent activity. We use council data proactively to help prevent and detect crime.
The lawful basis for our processing is:
legal obligation to which the data controller is subject
task in the public interest.
The legislation the service is obliged to comply with includes:
- Bribery Act 2010
- Computer Misuse Act 1990
- Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
- Criminal Procedures and Investigations Act 1996
- Data Protection Act 2018
- Digital Economy Act 2017
- Forgery and Counterfeiting Act 1987
- Fraud Act 2006
- Freedom of Information Act 2000
- Housing Act 1985
- Housing Act 1996
- Identity Card Act 2006
- Local Audit and Accountability Act 2014, Part 6
- Local Government Finance Act 1992
- National File Standards and the Money Laundering and Terrorist Financing Regulations
- Police and Criminal Evidence Act 1984
- Prevention of Social Housing Fraud Act (Power to Require Information) (England) Regulations 2014
- Proceeds of Crime Act 2002
- Public Interest Disclosure Act 1998
- Regulation of Investigatory Powers Act 2000
- Road Traffic Regulation Act 1984
- Welfare Reform Act 2012
Our specific lawful basis to obtain and use your personal information for corporate fraud team data matching:
- processing is necessary for compliance with a legal obligation to which the controller is subject
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Our lawful basis for processing of sensitive personal data is:
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
- processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity processing is necessary for reasons of substantial public interest
Who your information can be shared with
Our Corporate Privacy notice explains information sharing the Council carries out. This sharing fulfils statutory obligations, legal requirements and service delivery.
Commercialisation and Improvement can share your information with:
- instructed solicitors and insurers
- other local authorities
- registered social landlords
Our lawful basis for this sharing is legal obligation or task carried out in the public interest or in the exercise of official authority vested in the controller and your consent is not required.
The Council may also enter into specific information-sharing arrangements with partners such as other councils where it would support our statutory functions.
We may also share personal information with (and receive it from) third parties for the prevention and detection of fraud. Examples include:
- Cabinet Office
- DWP
- Home Office
- other councils
- the Police
- registered social landlords
This sharing accords with relevant privacy and data protection legislation.
We share fraud intelligence between authorities via restricted internet forums and groups. This is critical to raising awareness of rising fraud trends. We receive regular data analysis and fraud information alerts from our memberships.
If we wish to share your information with other council services or third parties for purposes outside of those listed above, we will ask your permission.
How long we will keep your information
We keep your information for as long as we need to provide services to you. We may also need to keep your information in accordance with legal or other obligations. Where we have no need to keep your data it will be securely destroyed. We keep a Record of Processing Activity (a requirement under the GDPR). This sets out the specific retention periods applicable in different circumstances. For more information please contact: CRInternalAudit@gateshead.gov.uk
Data collated specifically in relation to NFI and the data sharing agreement is retained as follows:
Type of personal information | Retention period |
---|---|
Data extracts held in internal corporate fraud system | One month - each month a new data extract is loaded, replacing the previous month's data |
National Fraud Initiative | Current and previous exercises kept only |
Where your information is held
We hold personal information in secure electronic systems on Gateshead council servers.
Additional information is held via an external data processor with a sub processor as a hosting partner to provide Cloud hosting services. Servers are housed in an ISO 9001 & ISO27001 accredited tier 3 UK data centre.
Your information can be held in the joint local authority Fraud Hub in partnership with Durham County Council and Newcastle City Council.
How you can update your information
Our delivery of efficient services depends on the accuracy of your information.
Please inform us of any changes to the following:
email address
personal circumstances
postal address
any of the other information we hold
Please contact: CRInternalAudit@gateshead.gov.uk
Your information rights
Please see the relevant section of our Corporate privacy notice.
Marketing and e-newsletters
Please see our email marketing privacy notice.
Business intelligence, profiling and automated-decision making
Please see the relevant section of our Corporate privacy notice.
Protecting your information
Please see the relevant section of our Corporate privacy notice.
Data Protection Officer
Data Protection Officer
Civic Centre
Regent Street
Gateshead
NE8 1HH
0191 433 3000
Information Commissioner's Office
The Information Commissioner is the UK's independent body for upholding information rights. Visit their website to find out more about your rights under Data Protection law, and what to expect from us.
For privacy practices or data protection rights concerns, contact the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
0303 123 1113 or 01625 545 745