Audit and Risk Management

  1. Summary

    This privacy notice explains what personal information is collected, what it is used for and who it is provided to. The notice also describes why the Council requires your data, and the legal basis on which it does this. This privacy notice relates to the Council’s Audit and Risk Management Service. It provides additional information that specifically relates to this particular service, and should be read together with our general privacy notice.

  2. What personal information does this service use?

    • names
    • addresses
    • date of birth
    • relationship information
    • NHS numbers
    • National Insurance numbers
    • marital/civil partnership status
    • current contact details
    • occupation

    We use special category personal information, such as:

    • race
    • ethnic origin
    • trade union membership
    • biometrics (where used for ID purposes)
    • health condition

  3. What is your personal information used for?

    We collect and use your personal data for:

    • maintaining our accounts and records
    • service delivery and performance management
    • service planning and research
    • provision of assurance over business governance, risk and control
    • prevention, detection and investigation of crime/fraud
    • deriving statistics which inform reports and decisions such as risk assessment and corporate reporting
    • assess performance and to set targets for delivery of business plans
    • meeting statutory duties of Health and Safety at work etc Act 1974 and associated regulations
    • supporting the provision of reasonable adjustments for disabled employees

    We will use your personal data in accordance with law enforcement purposes, as set out in Part 3 of the Data Protection Act 2018 ('the 2018 Act'). 

    The term ‘law enforcement purposes’ relates to the prevention, investigation, detection or prosecution of criminal offences, or the execution of criminal penalties (including the safeguarding against, and the prevention of, threats to public security.)

    We may need to process sensitive personal data for law enforcement purposes, where it relates to a pressing social need, which cannot reasonably be achieved through less intrusive means. Such processing will only take place if either one of the law enforcement purposes set out in the 2018 Act is satisfied, or you have given your consent.

  4. What is the lawful basis we are relying on?

    We collect and use this information under Article 6 of the General Data Protection Regulation because:

    • it is necessary to perform our public tasks (Art 6(1)(e))
    • it is required by law (Art 6(1)(c))

    We will only use special categories of personal data we hold where it is necessary and because there is a substantial public interest, such as to carry out a legal duty, or for the prevention of crime. We can also need to use special category data under Article 9 of the General Data Protection Regulation specifically where:

    • you, or your legal representative, have given explicit consent to this particular information being used (Art 9(2)(a))
    • it is necessary for employment purposes (Art 9(2)(b))
    • you have made your information publicly available (Art 9(2)(e))
    • it is necessary for legal cases (Art 9(2)(f))
    • it is to carry out our public tasks which are in substantial public interest (Art 9(2)(g))
    • it is necessary to protect public health (Art 9(2)(i))
    • it is necessary for archiving, research, or statistical purposes (Art 9(2)(j))

    If we do not have one of the lawful reasons above for using or sharing your personal information, but we still think it is appropriate to do so we will ask you for your consent (Art 9(2)(a) GDPR).

  5. Where has the personal information come from?

    Some of the personal information we may hold will come directly from you when you contact us or use our services.  Your personal data also comes from the following sources including:

    • other departments and services within the Council
    • other local authorities where you or your family have previously lived, who may hold personal information about you
    • third party commercial organisations such as banks or current and previous employers
    • members of the public who hold information about you
    • central Government such as Department of Work and Pensions employees and their managers


  6. Who will we share your personal information with?

    We may share information provided with other bodies responsible for auditing or administering public funds, to provide assurance and in order to prevent and detect fraud.

    We take part in the Cabinet Office’s National Fraud Initiative to help prevent and detect fraud, which means we need to share some information with the Minister for the Cabinet Office.

    We will share your personal data with the following organisations when we need to:  

    • health agencies
    • the police
    • Department of Work and Pensions
    • Home Office
    • Cabinet Office
    • Ministry of Housing, Communities and Local Government
    • HM Revenue & Customs
    • judicial agencies (ie Courts)
    • Health and Safety Executive
    • any relevant employer

    We also share your personal data internally with other departments of the Council when we need to. By law, we may need to share data to detect or prevent crime or to prevent Council Tax, Housing Benefit and Housing Tenancy Fraud.

  7. How long will we keep your information?

    Our retention schedule sets out how long we keep personal information for.

  8. Your personal information and your rights

    You can find out more about your rights regarding the personal information used for this service. Your rights apply to the information held by the Council as a data controller, and the information we hold on behalf of the other data controllers.

  9. Contacting us about your data and updates

    If you have any questions or concerns about how we use your personal information, please contact the Council’s Data Protection Officer.

    You also have the right to complain to the Information Commissioner’s Office if you're unhappy about how we process your information.

Was this page helpful?

Fields marked * cannot be left blank

Feedback submitted to us on this form is monitored but you won’t receive a reply. In an emergency, visit our emergency contact details page. Please don't include any personal or financial information, for example your National Insurance or credit card numbers.