This document is in addition to Glasgow City Council's Privacy Statement which can be found at www.glasgow.gov.uk/privacy and this document is specific to the Internal Audit Team.
Glasgow City Council has an obligation under Section 95 of the Local Government (Scotland) Act 1973 to protect public funds. To this end the Internal Audit Team can make enquiries with both internal and external agencies in order to establish the correct entitlement to the services the Council provides and to any financial awards that may be granted. This can include;
The information that is gathered can be examined for the following reasons;
The legal basis for processing your personal information include the following:
We process your personal information because it is necessary for us to use your personal information for the performance of a task carried out in the public interest by the council. In the case of counter fraud activity, we also need to process more sensitive personal information about you for reasons of substantial public interest as set out in the Data Protection Act 2018. It is necessary for us to process this more sensitive information for a number of reasons including:
We both disclose information to, and receive information from, a range of external bodies in relation to counter-fraud activity. External agencies can include:
Almost all council data is held within the UK. It is highly unusual for any counter-fraud information to be transferred outside the UK, the main exception to this being that we may share information with the European Commission or European Court of Auditors in cases where there is suspected fraud involving EU funds. Any overseas data transfers require additional internal approvals and we only send data overseas where we have been able to put in place measures to ensure that your personal information is as safe and respected in the overseas country or countries in question as it is in the UK.
The Council will hold all information obtained in a secure environment and is only accessed by the appropriate people. Information is only held for the minimum time necessary or for the period set out in law. The Council maintains a Record Retention and Disposal Schedule and this can be accessed at www.glasgow.gov.uk/rrds.
The National Fraud Initiative (NFI) makes some use of automated decision-making processes and profiling. However no decisions in relation to individuals are made without a human scrutinising the results first and the process is not wholly automated. For more details see http://www.audit-scotland.gov.uk/uploads/docs/um/nfi_privacy_notice_2018.pdf .
Your sights are set out in the general privacy statement (see link above). To exercise these rights, please contact the Council's Data Protection Officer. The Data Protection Officer can be contacted on 0141 287 1055 or by e mail at firstname.lastname@example.org if you have a complaint about how we handled your personal data.
You also have the right to lodge a complaint about data protection matters with the Information Commissioners Office who can be contacted as follows;
Phone - 01625 545 745
Letter - Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.