Counter Fraud Privacy Notice

This privacy notice sets out how Ashford Borough Council's (ABC) Investigations and Enforcement Support Team (IEST) may collect, use and share your personal information.

The primary objective of IEST is to ensure the prevention of fraud and corrupt acts and to ensure that any instances or allegations of these are investigated and dealt with effectively.

ABC and its Data Protection Officer can be contacted at: The Data Protection Officer, Ashford Borough Council, Civic Centre, Tannery Lane, Ashford, TN23 1PL or you can email FOI@ashford.gov.uk.

The processing of personal data is governed, in the UK, by the General Data Protection Regulation (the "GDPR") 2016 and any national implementing laws (Data Protection Act 18), regulations and secondary legislation, as amended or updated from time to time, and the regional supervisory authority is the Information Commissioner's Office.

We are registered with the Information Commissioner's Office with registration number Z8344724.

Processing activities

We are required by law to protect the public funds that we administer, to this end IEST may process any personal information held by the council or other agencies in order to prevent and detect crime, fraud and to protect the public funds we administer. Personal information may be held and used to:

conduct data matching exercises
investigate whistleblowing notifications
correspond with you on matters relating to investigation
conduct investigations into:
- Council Tax
- non-domestic rates
- housing benefits
- payroll
- suppliers
- tenancy and housing fraud
- any other investigations into fraudulent activity

What personal information we hold

In order to conduct investigations it may be necessary to hold the following types of personal information:

full names
address(es) previous, current and forwarding
date of birth
telephone number
email address
move in and out dates
health information
employer details
income details
expenditure details
other financial details
power of attorney details
additional occupants details
liability orders
National Insurance number

Lawful bases for processing

Processing is necessary for compliance with a legal obligation under; the Fraud Act 2016, Local Audit and Accountability Act 2014, Local Government Finance Act 2012, Social Security Administration Act 1992, Digital Economy Act 2017 and any other relevant legislation.
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Processing may also be permitted under the following exemptions:
- Schedule 2 Para 2(1) or the Data Protection Act 2018
  Crime and Taxation: General
  2(1) The listed GDPR provisions and Article 34(1) and (4) of the GDPR (communication of personal data breach of the data subject) do not apply to personal data processed for any of the following purposes:
  a) the prevention or detection of crime;
  b) the apprehension or prosecution of offenders; or
  c) the assessment or prosecution of a tax or duty or an imposition of a similar nature
  to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) to (c).
- Schedule 2 Para 5(3) of the Data Protection Act 2018
  5(3) The listed GDPR provisions do not apply to personal data where disclosure of the data:
  a) is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings);
  b) is necessary for the purpose of obtaining legal advice; or
  c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights, to the extent that the application of those provisions would prevent the controller from making the disclosure

How we get your information and data sharing

We predominantly collect information from you when you fill in any forms, set up an account, or when you contact us in writing, speak to us on the phone, by email, or communicate with us in any other way. In addition, some of the information we hold about you may come from third party sources such as the Department of Work and Pensions, HM Revenue and Customs and other third party partners and credit reference agencies.

We may share your information with partner organisations for the purposes of improving services, keeping records up-to-date, statistical research and for the protection of the public fund. These organisations include:

other council departments
other local authorities
HM Revenue and Customs
The Department for Work and Pensions
Cabinet Office as part of the National Fraud Initiative
National Audit Office
Office for National Statistics
Valuation Office Agency
the Police
health and social care organisations
social housing providers
credit reference agencies
enforcement agents

National Fraud Initiative (NFI)

The Cabinet Office currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data for matching for each exercise.

The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of individuals concerned under the Data Protection Act 2018.

The Kent Intelligence Network

The Kent Intelligence Network (KIN) is a collaboration arrangement between Kent local authorities including Kent County Council, Medway Council, Kent and Medway Town Fire Authority, and the Kent district/borough and city councils.

To prevent and detect fraud and error across a range of locally administered services the KIN runs a data matching programme mirroring the National Fraud Initiative but run on a quarterly basis and utilising geographically local data sets.

View the Kent Intelligence Network privacy notice.

Retention period

We will only retain your personal information for as long as necessary to fulfil the purpose we collect it for, including for the purpose of satisfying any future legal, accounting or reporting requirements.

How we protect your data

The data you provide is protected by rigorous measures and procedures to make sure it can't be seen, or accessed by, or disclosed to anyone who shouldn't be allowed to see it. We provide training to staff who handle personal data and treat it as a disciplinary matter if they misuse or do not look after your personal data properly.

Your rights

Unless subject to an exemption under data protection legislation, you have the following rights:

the right to access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to object to processing;
the right to data portability;
the right to complain to a supervisory authority;
the right to withdraw consent

For further information about your individual rights, including how to contact Ashford Borough Council's Data Protection Officer, please see our data protection pages.

Right to Complain

We set ourselves high standards when it comes to protecting your personal data. For this reason, we take any complaints we receive from you about our use of your personal data very seriously and request that you bring any issues to our attention.

Where you are communicating with us for the purpose of making a complaint, we will only use your personal data to handle, investigate and respond to the complaint and to check on the level of service we provide.

If, having exhausted the complaint process, you are not content that your request or review has been dealt with correctly, you can appeal to the ICO to investigate the matter further by writing to:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF