Financial Services - Privacy Notice

Our accountancy team comprises financial services, treasury, procurement and insurance. Our services include financial planning, statements of accounts, budgeting, financial systems and controls, debt collection, payments and strategic payroll.

The CIPFA Statement on the role of the Chief Financial Officer (CFO) in local government describes the responsibilities of the CFO, including responsibility for the finance function.

We are required to comply with professional standard, government guidance and other professional codes of conduct.

Processing activity - In general terms, we process personal information relating to the following areas:

  • setting up and maintaining records relating to debtors
  • processing payments to external individuals
  • processing payments to employees and elected councillors
  • processing debt recovery
  • procurement card administration
  • recording transactions on the ledger
  • accounting for expenditure and income
  • budget setting and budget monitoring
  • providing financial management information
  • costing staffing budgets
  • providing financial analysis and advice to internal customers
  • submission of grant funding claims
  • administering prepaid cards for direct payment clients
  • calculating and setting council housing rents
  • administration of employee car loans and leases
  • managing insurance claims from the public, employees and clients
  • administering grants to business etc. as directed by Government (Covid restrictions)
  • general correspondence between you and us
  • correspondence with the Insolvency Service (see below)
  • other information as may be required, to comply with our ‘accountable body’ status (see below)

Information requirements - our processing activities may include:

  • name, address, telephone, email address
  • date of birth
  • employee information, for example, payroll number, salary, taxation, national insurance, pension details, sickness details
  • bank account details
  • mortgagee details of individuals purchasing/leasing shared ownership/residential properties at The Bridge
  • housing rent account details
  • commercial property lettings tenants’ details
  • details of the type of business carried out by those parties leasing commercial units from us
  • vehicle details (lease car scheme)
  • insurance proposals
  • personal details relating to insurance claims
  • insurance related legal records
  • our payment system (for the recording of your payment only)

Failure to provide your personal data may result in us being unable to complete transactions with you.

Lawful bases1- our lawful bases for processing your personal information are:

  • UK GDPR 6(1)(b) - where it is necessary to fulfil your contractual obligations with us e.g. the payroll function
  • UK GDPR 6(1)(c) - our legal obligation(s) under the:
  • Local Government Act 1972 (Section 151 - requires local authorities to make arrangements for the proper administration of their financial affairs)
  • Local Government Finance Act 1988 (rates)
  • Local Government Finance Act 1992 (council tax)
  • Local Government Finance Act 2003
  • Local Audit and Accountability Act 2014
  • HMRC Compliance Handbook Manual
  • Debt Respite Scheme (Breathing Space Moratorium and Mental Health Crisis Moratorium) (England and Wales) Regulations 2020)
  • Commercial Rent (Coronavirus) Act 2022
  • UK GDPR Article 6(1)(e) and s.8 (c) Data Protection Act 2018 - where needed for the performance of a task carried out in the public interest (under the above legislation)
  • Article 10 UK GDPR and Data Protection Act 2018 section 10(5) & Schedule 1, Part II, para.6, justified by the Serious Crime Act 2007 – processing of data relating to criminal convictions and offences

We have a Data Protection Policy that sets out how this information will be handled.

Partnerships – as a partner, we may be designated as an ‘accountable body’ for the purposes of administering the partnership funds. We will have an overarching governance structure set out in an agreement, which will include compliance with our obligations under the Data Protection Act 2018 and the UK GDPR. Special category data will not be expressly requested in connection with our ‘accountable body’ status.  

Data sharing - we may share and receive information from:

  • our department(s)
  • Government agencies
  • Courts/tribunals
  • Cabinet Office (as part of the National Fraud Initiative)
  • service providers
  • professional advisers
  • internal and external auditors
  • law enforcement authorities
  • Her Majesty’s Revenue and Customs
  • insurance providers, brokers and claims’ handlers

The Insolvency Service may share your information with us (pursuant to the Debt Respite Scheme (Breathing Space Moratorium and Mental Health Crisis Moratorium) (England and Wales) Regulations 2020). As a creditor, if we are told by the Insolvency Service that a debt owed by you is in a breathing space, we must stop all action related to that debt and apply the protections. These protections must stay in place until the breathing space ends.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014. Under the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research. We do not share the information with other organisations for commercial purposes.

We may also rely on a number of exemptions, which allow us to share information without needing to comply with all the rights and obligations under the Data Protection Act 2018. Please refer to the Kent and Medway Information Agreement for further details on our sharing arrangements.

Retention period - we keep your personal information for the minimum period necessary. The information outlined in this Privacy Notice will be kept in accordance with the retention periods referred to in our Asset Information Register (Financial Services). All information will be held securely and disposed of confidentially.

Anonymisation- your personal information may be converted ('anonymised') into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Aggregated data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.

Right to object - where processing your personal information is required for the performance of a public interest task (see our lawful bases above), you have the right to object on ‘grounds relating to your particular situation’. We will have to demonstrate why it is appropriate for us to continue to use your personal data.

Changes to this Privacy Notice - we review this Privacy Notice regularly and will place updates on our website.

Please refer to our Corporate Privacy Notice for further details of how we process your personal information.

---------------------------------------------

1 Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information

GDPR Financial Services Privacy Notice