Counter Fraud Privacy Notice
This privacy notice sets out how Ashford Borough Council's (ABC) Investigations and Enforcement Support Team (IEST) may collect, use and share your personal information.
The primary objective of IEST is to ensure the prevention of fraud and corrupt acts and to ensure that any instances or allegations of these are investigated and dealt with effectively.
ABC and its Data Protection Officer can be contacted at: The Data Protection Officer, Ashford Borough Council, Civic Centre, Tannery Lane, Ashford, TN23 1PL or you can email FOI@ashford.gov.uk.
The processing of personal data is governed, in the UK, by the General Data Protection Regulation (the "GDPR") 2016 and any national implementing laws (Data Protection Act 18), regulations and secondary legislation, as amended or updated from time to time, and the regional supervisory authority is the Information Commissioner's Office.
We are registered with the Information Commissioner's Office with registration number Z8344724.
We are required by law to protect the public funds that we administer, to this end IEST may process any personal information held by the council or other agencies in order to prevent and detect crime, fraud and to protect the public funds we administer. Personal information may be held and used to:
- conduct data matching exercises
- investigate whistleblowing notifications
- correspond with you on matters relating to investigation
- conduct investigations into:
- Council Tax
- non-domestic rates
- housing benefits
- tenancy and housing fraud
- any other investigations into fraudulent activity
What personal information we hold
In order to conduct investigations it may be necessary to hold the following types of personal information:
- full names
- address(es) previous, current and forwarding
- date of birth
- telephone number
- email address
- move in and out dates
- health information
- employer details
- income details
- expenditure details
- other financial details
- power of attorney details
- additional occupants details
- liability orders
- National Insurance number
Lawful bases for processing
- Processing is necessary for compliance with a legal obligation under; the Fraud Act 2016, Local Audit and Accountability Act 2014, Local Government Finance Act 2012, Social Security Administration Act 1992, Digital Economy Act 2017 and any other relevant legislation.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing may also be permitted under the following exemptions:
- Schedule 2 Para 2(1) or the Data Protection Act 2018
Crime and Taxation: General
2(1) The listed GDPR provisions and Article 34(1) and (4) of the GDPR (communication of personal data breach of the data subject) do not apply to personal data processed for any of the following purposes:
a) the prevention or detection of crime;
b) the apprehension or prosecution of offenders; or
c) the assessment or prosecution of a tax or duty or an imposition of a similar nature
to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) to (c).
- Schedule 2 Para 5(3) of the Data Protection Act 2018
5(3) The listed GDPR provisions do not apply to personal data where disclosure of the data:
a) is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings);
b) is necessary for the purpose of obtaining legal advice; or
c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights, to the extent that the application of those provisions would prevent the controller from making the disclosure
- Schedule 2 Para 2(1) or the Data Protection Act 2018
How we get your information and data sharing
We predominantly collect information from you when you fill in any forms, set up an account, or when you contact us in writing, speak to us on the phone, by email, or communicate with us in any other way. In addition, some of the information we hold about you may come from third party sources such as the Department of Work and Pensions, HM Revenue and Customs and other third party partners and credit reference agencies.
We may share your information with partner organisations for the purposes of improving services, keeping records up-to-date, statistical research and for the protection of the public fund. These organisations include:
- other council departments
- other local authorities
- HM Revenue and Customs
- The Department for Work and Pensions
- Cabinet Office as part of the National Fraud Initiative
- National Audit Office
- Office for National Statistics
- Valuation Office Agency
- the Police
- health and social care organisations
- social housing providers
- credit reference agencies
- enforcement agents
National Fraud Initiative (NFI)
The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching for each exercise.
The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of individuals concerned under the Data Protection Act 2018.
The Kent Intelligence Network
The Kent Intelligence Network (KIN) is a collaboration arrangement between Kent local authorities including Kent County Council, Medway Council, Kent and Medway Town Fire Authority, and the Kent district/borough and city councils.
To prevent and detect fraud and error across a range of locally administered services the KIN runs a data matching programme mirroring the National Fraud Initiative but run on a quarterly basis and utilising geographically local data sets.
We will only retain your personal information for as long as necessary to fulfil the purpose we collect it for, including for the purpose of satisfying any future legal, accounting or reporting requirements.
How we protect your data
The data you provide is protected by rigorous measures and procedures to make sure it can't be seen, or accessed by, or disclosed to anyone who shouldn't be allowed to see it. We provide training to staff who handle personal data and treat it as a disciplinary matter if they misuse or do not look after your personal data properly.
Unless subject to an exemption under data protection legislation, you have the following rights:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority;
- the right to withdraw consent
For further information about your individual rights, including how to contact Ashford Borough Council's Data Protection Officer, please see our data protection pages.
Right to Complain
We set ourselves high standards when it comes to protecting your personal data. For this reason, we take any complaints we receive from you about our use of your personal data very seriously and request that you bring any issues to our attention.
Where you are communicating with us for the purpose of making a complaint, we will only use your personal data to handle, investigate and respond to the complaint and to check on the level of service we provide.
If, having exhausted the complaint process, you are not content that your request or review has been dealt with correctly, you can appeal to the ICO to investigate the matter further by writing to:
Information Commissioner's Office
Changes to our Data Protection Policy
We may update this policy from time to time by republishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.