As part of our Anti-fraud and Corruption Strategy, to detect suspicious behaviours of fraud and/or crime across the Council’s functions, such as Benefits, Council Tax, Environmental Health, Counter-fraud and Environmental Enforcement, we may receive and share information with HMRC (Customer Compliance Group – RIS Intelligence, Volume Intelligence, Intelligence Exchange). See HMRC’s Privacy Notice.
Processing activity - we use personal information across all our services to help to prevent and detect crime and fraud and to protect the public funds that we manage. It is necessary for us to collect and hold personal information about you. In general, we process personal information as detailed in our relevant services specific privacy notices (see below).
As detailed in our relevant services specific privacy notices.
Information requirements – our processing activities may include:
General application to HMRC:
- Requested tax years
- Full name (individual/company)
- Full address
- Date of birth
- Date of incorporation
- NINO (National Insurance Number)
- Company Registration Number
- Previous address
- Nature of Enquiry
Individuals’ data from HMRC:
- Name (first name/surname/middle name if given)
- Date of Birth
- Contact detail if requested (phone number and email address)
- NINO (a justified reason must be provided)
- Employer name
- Employer address (if requested)
- Employment start and end dates
- Employment taxable pay for the year
- Tax paid if requested
Company data from HMRC:
- Tax Return details
- VAT Return details
- Bank Details
- Number of Employees
Lawful bases - our lawful bases for processing your personal information is where needed for the performance of a task carried out in the public interest (UK GDPR Article 6(1)(e) and section 8(c ) DPA 2018), under the legislation detailed in our relevant services specific privacy notices (see below) and section 68 Serious Crime Act 2007 and Section 56 Digital Economy Act 2017.
Some of the information that is collected and shared is classified as criminal convictions and offences (including alleged offences) (UK GDPR Article 10) . This is processed under Part 3 DPA 2018 (general processing) and Schedule 1, paras. 10, 12 & 14:
- preventing or detecting unlawful acts
- regulatory requirements relating to unlawful acts and dishonesty etc.
- preventing fraud.
We have a Data Protection Policy that sets out how this information will be handled.
Data sharing - where we detect suspicious behaviours of fraud and/or crime a cross our functions, we may receive from and share information with HMRC (Customer Compliance Group – RIS Intelligence, Volume Intelligence, Intelligence Exchange).
Onward disclosure of information by us will be completed in consultation with HMRC. HMRC will be informed if we are required by law or a court order to disclose any HMRC information.
We may also rely on a number of exemptions, which allow us to share information without needing to comply with all the rights and obligations under the Data Protection Act 2018. Please refer to the Kent & Medway Information Agreement for further details on our sharing arrangements.
Retention period - we keep your personal information for the minimum period necessary. The information outlined in this Privacy Notice will be kept as follows, unless exceptional circumstances require longer retention e.g. a pending court case:
- prosecution files – 7 years from date of closure;
- sanction files (formal cautions/penalties) – 5 years from date of closure;
All information will be held securely and disposed of confidentially.
Anonymisation- your personal information may be converted ('anonymised') into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Aggregated data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.
Right to object – where processing your personal information is required for the performance of a public interest task (see our lawful bases above), you have the right to object on ‘grounds relating to your particular situation’. We will have to demonstrate why it is appropriate for us to continue to use your personal data.
Changes to this Privacy Notice – we review this Privacy Notice regularly and will place updates on our website.
Please refer to our Corporate Privacy Notice for further details of how we process your personal information and for details on your additional rights.
Service Specific Privacy Notices: