Fraud

The following information provides details on how we may collect use and where appropriate share personal information in accordance with the UK General Data Protection Regulations (UK GDPR). It should be read in conjunction with the Council’s privacy notice document.

Our Counter Fraud service is carried out by Veritau Ltd. You can find out more about Veritau on their website: . Business Assurance Services - Information Governance Services - Veritau

Why we collect personal data

We have a duty to protect public funds. The Counter Fraud team will use your data to investigate any potential errors and/or fraudulent activity which could lead (but is not limited to) generation of invoices, recovery of monies and prosecution and/or court action being pursued.

What personal data we collect

The Counter Fraud team will use any personal data that we hold in order to detect and/or prevent criminal activity. This includes, but is not necessarily limited to:

  • Your basic identifiers (such as name, date of birth, address, and gender),
  • Your contact details (such as home address(es), email address, and phone numbers),
  • Details about your family and relationship circumstances,
  • Details about your involvement with the Council.

The Counter Fraud team will also use any ‘Special Category’ data that we hold in order to detect and/or prevent criminal activity. This includes, but not necessarily limited to:

  • Details about your mental or physical health,
  • Details about your political affiliations or views,
  • Details about your trade union membership or affiliations,
  • Details about your religious or philosophical beliefs,
  • Details about your racial or ethnic origin.

The Counter Fraud team may also use any ‘criminal conviction data’ that we may hold in relation to you.

The Counter Fraud team will also create information based on their investigations. This could include, but is not necessarily limited to:

  • Any information you, or a party to the investigation, provides us with,
  • Any information passed to us by any other organisation,
  • Witness statements,
  • Any relevant correspondence we have had with you or another party to the investigation – including internal correspondence about you,
  • Any relevant video recording (including CCTV), audio recordings,  or images,
  • Investigation interview records.

For further details about how we define personal data and non-personal data please see our Data Protection Policy.

See our Data Protection Policy for details on how we define personal and non-personal data.

We may monitor and record electronic communications (website, email and phone conversations) for a number of reasons such as:

  • staff training
  • records of conversations
  • the detection, investigation and prevention of crime

We will inform you if your call is being recorded or monitored. 

Emails that we send to you or you send to us, may be retained as a record of contact and your email address stored for future use in accordance with our retention periods. If we need to email sensitive or confidential information to you, we may perform checks to verify the correct email address and may take additional security measures.

How we use your personal data

We'll only use your personal data in accordance with data protection legislation, and for the purposes stated in this privacy notice.

Data Matching

National Fraud Initiative

We participate in an exercise every two years called the National Fraud Initiative (NFI) to promote the proper spending of public money. This is a data matching exercise organised and managed by the Cabinet Office.

Every council in England takes part by providing information relating to the customers and services they supply. The Cabinet Office matches the databases together looking for suspicious details. We then investigate the details the Cabinet Office sends back to us.

For more information about how the Cabinet uses your data please see their website.

Normally every individual whose data is included is informed about NFI, in accordance with our data protection policy and the Cabinet Office’s code of practice. This notice, along with disclaimers on the Council’s data collection forms, fulfils that duty.

Internal Data Matching Initiative

We also undertake internal data matching exercises as well as regional data matching with neighbouring authorities. This is to further help protect public funds from misuse and identify fraud.

This means that we may use your personal data from one and match it against your data from another organisation. Any information we disclose to or receive from neighbouring authorities is governed by a strict information sharing agreement.

We'll:

  • only ask for what is necessary protect it and make sure nobody has access to it who shouldn’t
  • ensure you know if you have a choice about giving us personal data
  • only share your personal data with other Scarborough Borough Council departments or with external partners, agencies and contractors involved in delivering services on our behalf, eg Veritau.
  • make sure we don’t keep it for longer than is necessary
  • delete or destroy it securely when we no longer have a need to keep it

We ask that you:

  • give us accurate information
  • tell us as soon as possible of any changes
  • tell us as soon as possible if you notice mistakes in the information we hold about you

From time to time, we may conduct or ask you to take part in a survey to get your feedback, comments and opinions to help us improve our services.

Who we share your personal data with

We may get information about you from certain third parties, or give them information to:

  • Make sure the information is accurate,
  • Prevent or detect crime, and
  • Protect public funds.

These third parties include the Department for Work and Pensions, Her Majesty’s Revenues and Customs, other Government Departments and other Local Authorities. We may also provide information for data matching exercises with the Cabinet Office, the Department for Work and Pensions and credit reference agencies as the law allows.

We may also pass information to the Police or another law enforcement agency if we believe a crime has been, or is likely to be, committed.

Any information we use in presentations or reports will be anonymised and will not identify any individuals. For example a report on numbers of fraud investigations undertaken will not feature any personal data.

We do not disclose or share sensitive or confidential information without your explicit consent except where disclosure is required by law, or where we have good reason to believe that failing to do so, would put you or someone else at risk.

We may be required or permitted, under data protection legislation, to disclose your personal data without your explicit consent, for example if we have a legal obligation to do so, such as for:

  • law enforcement
  • fraud investigations
  • regulation and licensing
  • criminal prosecutions
  • court proceedings

Our legal basis for collecting and sharing personal data

We process your personal data for the purposes of crime prevention and/or detection and to ensure the proper use of public funds based on:

Article 6(1) (c) – Processing is necessary for compliance with a legal obligation,

Article 6(1) (e) – Processing is necessary for the performance of a task carried out in the Public Interest.

We process your special category data and criminal conviction data, for the purposes of crime prevention and/or detection, based on:

  • Article 9(2)(g) in pursuance with Schedule 1(6) and (10) of the Data Protection Act 2018 – Processing is necessary for reasons of substantial public interest (legal obligations and preventing/detecting unlawful acts).

This is in pursuance with the following legislative texts:

The Local Audit and Accountability Act

How long we keep your personal data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.  We will keep your personal data as set out in our Retention Policy.  We will delete or destroy your personal data securely.

We will keep electronic records for up to six years on conclusion of their use (e.g. at the point an investigation is ended).

Where we collect or process information for data matches purposes, we review each project on its own merits and may delete records within six years if it is no longer relevant to hold bulk data which has been used for matching.

At the end of the retention period, we may pass any relevant information to the Archives where it is required or appropriate to do so.

Further processing of personal data

See our Data Protection Policy for details about the further processing of personal data.

Personal data from online payments

See our Data Protection Policy for details on how we process your personal data in connection with online payments.

Your rights relating to your personal data

When we collect your personal data we'll tell you how we are going to use it. Where we process your personal data, you have a number of rights under data protection law.

Find information about your rights on our GDPR page.

Further information

If you have any questions, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us at dataprotection@scarborough.gov.uk or on 01723 232323 or write to:

Data Protection Officer
Scarborough Borough Council
Town Hall
St Nicholas Street
Scarborough
North Yorkshire
YO11 2HG