Fraud privacy notice

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

The primary purpose of corporate fraud team is to assist in the detection, prevention and prosecution of financial irregularity or fraud; This is achieved by examining different systems (Council Tax, Benefits, Housing, etc) to determine what information is held that is relevant to the referral being received. 

Personal data is processed to investigate allegations of fraud or corruption, as far as is appropriate under the Financial Regulations and relevant policies and strategies (Anti-Fraud & Corruption; Whistleblowing), or relevant legislation and reporting to Police Scotland where appropriate.

Personal data may relate to the Council’s service users, suppliers of services to the Council or employees of the Council.

The type of personal data that is processed varies depending on the data subject and the type of investigation, and may include: 

Personal Data

• Name
• Address
• Date of Birth
• National Insurance Number
• Employer Data
• Financial Information
• Residential Information
• CCTV images
• Audio recordings
• Any other information considered relevant to the matter under investigation.
• Data relating to criminal convictions and offences is also processed.  

We process personal data to comply with our statutory obligations.  Section 95 of the Local Government (Scotland) Act 1973 requires local authorities to make arrangements for the proper administration of their financial affairs.  

Stirling Council is required by law to protect the public funds it administers.  It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. 

The National Fraud Initiative (NFI) is an exercise that matches electronic data within and between public and private sector bodies to prevent and detect fraud.  Please see link below for further details on the Stirling Council website:

https://my.stirling.gov.uk/services/law-and-licensing/nationalfraud-initiative

The processing of data by Audit Scotland (in practice the processing is undertaken by the Cabinet Office on Audit Scotland’s behalf) in a data matching exercise is carried out under the powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 2018.  

For further details please refer to The National Fraud Initiative in Scotland Privacy Notice:

scotland.gov.uk/uploads/docs/um/nfi_privacy_notice_2018.pdf

Information can come from members of the public via anonymous referrals.  Information provided by data subject via telephone or face to face communications with data controllers, NFI. The data may come from other systems maintained or used by the Council.

Information can be passed from different parts of the council for prevention and detection of fraud. It may originally have been collected for Council Tax, benefits, housing, payroll or other financial transactional purposes. It may also have been collected for the purposes of provision of social care or for the provision of other services by external bodies but on behalf of the Council.

Information can be passed from a different organisation this could be HMRC, DWP, Police, Other Scottish Local Authorities and English Local Authorities, 

Personal Data may be retained:

• In paper form
• In electronic format, on the council network drives, email system Internal Audit Management system, ‘Galileo’.

Where criminality is suspected/detected, data will be retained for as long as is considered necessary for evidential purposes and for legal requirements to be met.

Other public authority (Local Authorities’ DWP; HMRC, Police) details would only be shared if a request was received and was for the prevention and detection of crime

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

Access to your information

You have the right to request a copy of the personal information that we hold about you. This is known as a subject access request and is free of charge.  We must respond within one month, although this can be extended to three months if the information is complex.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards.

Deleting your information

You have the right to ask us to delete personal information about you where:

• you think that we no longer need to hold the information for the purposes for which it was originally obtained
• we are using that information with your consent and you have withdrawn your consent - see the 'withdrawing consent to using your information' section below.  Please note that in general we do not rely on consent as the legal basis for processing your personal information
• you have a genuine objection to our use of your personal information - see 'objecting to how we may use your information' below
• our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to tell us to stop using your personal information for direct marketing purposes, profiling or research purposes. 

Restricting how we may use your information 

In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. 

This right might also apply if we no longer have a basis for using your personal information - but you don't want us to delete the data.  Where this right is realistically applied will mean that we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent to use your information

Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Your request to transfer your data

If we are processing your personal information with your consent or as part of a contract with you, and it is held in an accessible and machine-readable format, you have a right to ask us to transmit it to another organisation. This is known as the right to data portability.

Our profiling or automated decision-making processes

We make some use of automated decision-making processes but very little use of profiling.  Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated decision-making.

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.