This privacy notice is designed to help you understand how and why North Yorkshire Council processes your personal data in order to detect crime and protect public funds. This notice should be read in conjunction with our corporate privacy notice.
Who are we?
North Yorkshire Council is a ‘data controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR). The council’s counter fraud service is carried out by Veritau.
For more information you can visit the Veritau website.
The council has appointed Veritau to be its Data Protection Officer. Their contact details are:
Information Governance Office
Tel: 01904 552848
What personal information do we collect?
The counter fraud team will use any personal data that the council holds in order to detect and/or prevent criminal activity. This includes, but is not necessarily limited to:
- your basic identifiers (such as name, date of birth, address, and gender)
- your contact details (such as home address(es), email address, and phone numbers)
- details about your family and relationship circumstances
- details about your involvement with the council
The counter fraud team will also use any ‘special category’ data that the council holds in order to detect and/or prevent criminal activity. This includes, but not necessarily limited to:
- details about your mental or physical health
- details about your political affiliations or views
- details about your trade union membership or affiliations
- details about your religious or philosophical beliefs
- details about your racial or ethnic origin
The counter fraud team may also use any ‘criminal conviction data’ that the council may hold in relation to you.
The counter fraud team will also create information based on their investigations. This could include, but is not necessarily limited to:
- any information you, or a party to the investigation, provides us with,
- any information passed to us by any other organisation,
- witness statements,
- any relevant correspondence we have had with you or another party to the investigation – including internal correspondence about you,
- any relevant video recording (including CCTV), audio recordings, or images,
- investigation interview records
Why do we collect your personal information?
The council has a duty to protect public funds. The counter fraud team will use your data to investigate any potential errors and/or fraudulent activity which could lead (but is not limited to) generation of invoices, recovery of monies and prosecution and/or court action being pursued.
How do we use Data Matching?
National Fraud Initiative
NYC participates in an exercise every two years called the National Fraud Initiative (NFI) to promote the proper spending of public money. This is a data matching exercise organised and managed by the Cabinet Office.
Every council in England takes part by providing information relating to the customers and services they supply. The Cabinet Office matches the databases together looking for suspicious details. We then investigate the details the Cabinet Office sends back to us.
For more information you can view the code of data matching practice for the national fraud initiative government page.
Normally every individual whose data is included is informed about NFI, in accordance with our data protection policy and the Cabinet Office's code of practice. This notice, along with disclaimers on the council’s data collection forms, fulfils that duty.
Internal Data Matching Initiative
The council also undertakes internal data matching exercises as well as regional data matching with neighbouring authorities. This is to further help protect public funds from misuse and identify fraud.
This means that we may use your personal data from one and match it against your data from another organisation. Any information we disclose to or receive from neighbouring authorities is governed by a strict information sharing agreement.
Who do we share this information with?
We may get information about you from certain third parties, or give them information to:
- make sure the information is accurate,
- prevent or detect crime, and
- protect public funds.
These third parties include the Department for Work and Pensions, Her Majesty's revenues and customs, other government departments and other local authorities. We may also provide information for data matching exercises with the Cabinet Office, the Department for Work and Pensions and credit reference agencies as the law allows.
We may also pass information to the police or another law enforcement agency if we believe a crime has been, or is likely to be, committed.
How long do we keep your information for?
We will keep electronic records for up to six years on conclusion of their use (for example, at the point an investigation is ended).
Where we collect or process information for data matches purposes, we review each project on its own merits and may delete records within six years if it is no longer relevant to hold bulk data which has been used for matching.
What is our lawful basis for processing your information?
North Yorkshire Council relies on the following lawful basis to process your personal data for the purposes of crime prevention and/or detection:
- UK GDPR Article 6(1) (c) – processing is necessary for compliance with a legal obligation to which the controller is subject
- UK GDPR Article 6(1) (e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
When processing special category data, the council will rely on the following lawful basis:
UK GDPR Article 9(2) (g) – processing is necessary for reasons of substantial public with processing meeting Schedule 1, Part 2 of the Data Protection Act 2018 as below:
- (6) Statutory and government purposes
- (10) Preventing or detecting unlawful acts
This is in pursuance with the following legislative texts:
- the local audit and accountability act 2014
- local government act 1972
For more information about how we use your data, including your privacy rights and the complaints process, please see our corporate privacy notice.