Privacy Notice - Internal Audit

This page was last updated on 19 May 2022

Who we are

Glasgow City Council is a local authority established under the Local Government etc. (Scotland) Act 1994. Its head office is located at City Chambers, George Square, Glasgow G2 1DU, United Kingdom.  Contact  details for our Data Protection Officer can be found on our website at www.glasgow.gov.uk/privacy.

Why do we need your personal information and what do we do with it?

Glasgow City Council has an obligation under Section 95 of the Local Government (Scotland) Act 1973 to protect public funds. To this end the Internal Audit Team can make enquiries with both internal and external agencies in order to establish the correct entitlement to the services the Council provides and to any financial awards that may be granted. This can include:

1. Licencing
2. Internal enquiries
3. Law enforcement
4. Grants and benefits
5. Civil enquiries
6. Financial transactions both to and from the Council

The information that is gathered can be examined for the following reasons:

1. The prevention and detection of crime
2. The apprehension or prosecution of offenders
3. The assessment or collection of a tax or duty or an imposition of a similar nature
4. To check the current information held is accurate
5. To examine apparent anomalies which may indicate that fraud is occurring

Legal basis for using your information:

These services are provided in terms of the council's statutory functions as a local authority, more details of which can be found on our website at www.glasgow.gov.uk/privacy.  Processing your personal information is necessary for the performance of a task carried out in the public interest by the Council.

 The legal basis for processing your personal information include the following:

1. The Public Finance and Accountability (Scotland) Act 2000 that enables disclosure of data to Audit Scotland for data matching purposes
2. The Local Government (Scotland) Act 1973
3. The Public Interest Disclosure Act 1998
4. The Bribery Act 2010.

We also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018. It is necessary for us to process it to carry out key functions as set out in law.

Who do we share your information with?

We are legally obliged to safeguard public funds so details will be checked internally for fraud prevention and verification purposes and may be shared with other public bodies for the same purpose.  We are legally obliged to share certain data with other public bodies such as HMRC and will do so where the law requires this; we will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate.  Information is also analysed internally in order to provide management information, inform service delivery reform and similar purposes.  This is in accordance with the council's Information Use and Privacy Policy, the privacy statement set out in full on our website, and the provisions of our Records Management Plan approved in terms of the Public Records (Scotland) Act 2011.

We both disclose information to, and receive information from, a range of external bodies in relation to counter-fraud activity.  External agencies can include:

1. Police Scotland
2. Crown Office and Procurator Fiscal Service
3. Other Local Authorities
4. Government bodies including HMRC and DWP
5. The NHS
6. Credit Reference agencies
7. Service Providers
8. Arms' Length organisations
9. Regulatory bodies
10. Telecommunications providers
11. Material published on the internet

Information we receive from these external bodies will vary depending on the nature of the activity we are investigating but can include name, address, date of birth and other basic identifying details, national insurance number, income details, numbers, and ages of other people in your household and details of benefits you are in receipt of.  We may also acquire certain telecommunications data (subscriber details, numbers dialled but not content of telephone conversations) from telecommunications providers and where appropriate will conduct internet searches relating to our inquiries.

International transfers:

Almost all council data is held within the UK.  It is highly unusual for any counter-fraud information to be transferred outside the UK, the main exception to this being that we may share information with the European Commission or European Court of Auditors in cases where there is suspected fraud involving EU funds.  Any overseas data transfers require additional internal approvals and we only send data overseas where we have been able to put in place measures to ensure that your personal information is as safe and respected in the overseas country or countries in question as it is in the UK. 

How long do we keep your information for?

The council maintains a records retention and disposal schedule which sets out how long we hold different types of information for.   This is available on the council's website at www.glasgow.gov.uk/rrds or you can request a hard copy from the contact address below.

Your rights under data protection law:

Access to your information - You have the right to request a copy of the personal information about you that we hold. 

Correcting your information- We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.

Deletion of your information -You have the right to ask us to delete personal information about you where:

• You consider that we no longer require the information for the purposes for which it was obtained
• You have validly objected to our use of your personal information - see Objecting to how we may use your information below
• Our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information - You have the right at any time to require us to stop using your personal information for direct marketing purposes. 

Restricting how we may use your information- in some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information.  The right might also apply if we no longer have a basis for using your personal information but you don't want us to delete the data.  Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Please contact us in any of the ways set out above if you wish to exercise any of these rights.

Profiling or automated decision-making processes:

The National Fraud Initiative (NFI) makes some use of automated decision-making processes and profiling.  However, no decisions in relation to individuals are made without a human scrutinising the results first and the process is not wholly automated.  For more details see http://www.audit-scotland.gov.uk/uploads/docs/um/nfi_privacy_notice_2018.pdf.

Complaints:

If you do not have access to the internet you can contact us on 0141 287 1055 to request hard copies of any of the above documents.

We aim to directly resolve all complaints about how we handle personal information.  However, you also have the right to lodge a complaint with the Information Commissioner's Office.  Contact details for our Data Protection Officer and for the ICO can be found on our website under www.glasgow.gov.uk/privacy.

More information:

For more details on how we process your personal information visit www.glasgow.gov.uk/privacy