Internal Audit, Risk and Corporate Fraud Team
This notice provides details of what information we collect from you, what we do with it, and who it might be shared with.
Frequently asked questions
Why do we collect this information?
We have an obligation under section 95 of the Local Government (Scotland) Act 1973 to protect public funds. To this end, the Internal Audit, Risk and Corporate Fraud Team may make enquiries, and collect information, both internally and with external agencies.
The information is being collected for the following purposes:
- To establish the adequacy of the Council's arrangements for risk management, governance and control
- To ensure the Council's proper administration of its financial affairs
- To prevent and detect crime
- To apprehend or prosecute offenders
- To assess or collect a tax, duty or an imposition of a similar nature
- To check that current information held is accurate
The legal basis for each purpose is set out below:
| Legal basis | Purpose |
|---|---|
| Consent | |
| Performance of a contract | |
| Legal obligation | 1-6 |
| Vital interests | |
| Task carried out in the public interest | 1-6 |
| Legitimate interests |
The following legislation is relevant:
- The Local Government (Scotland) Act 1973
- The Public Interest Disclosure Act 1998
- The Public Finance and Accountability (Scotland) Act 2000 (enables disclosure of data to Audit Scotland for data matching purposes)
- The Bribery Act 2010
What information do we collect about you?
We may collect information about, but not restricted to, the following:
- financial transactions of the Council (including the Falkirk Pension fund)
- payments to staff, elected Members, or partner organisations
- regulatory transactions, for example those relating to Licensing, Planning, and Building Standards
- records relating to the Council's housing and commercial property portfolios
- records relating to the employment and management of staff and elected Members of the Council
- customer and client records
- records (and metadata) held within the Council's IT systems (whether hosted locally or remotely)
Where do we collect information from?
In undertaking its role, the Internal Audit, Risk, and Corporate Fraud team may disclose information to, and receive information from, a range of external bodies. These may include, but are not restricted to:
- Police Scotland
- Crown Office and Procurator Fiscal Service
- Other Local Authorities
- Government bodies including HMRC and DWP
- NHS (including NHS Counter Fraud Services)
- Credit Reference agencies
- Service Providers
- Arms' Length organisations
- Regulatory bodies
- Telecommunications providers
Who might we share your information with?
Please see section above.
Will we send your information outwith the UK?
We do not transfer your information outwith the UK.
How long do we keep hold of your information?
We keep your information as long as required by law or by our business requirements. We have a Business Classification Scheme in place which sets out the types of records we hold, and how long we hold them - you can access the relevant part of the scheme below.
Do I have to provide my personal data to you?
You do not have to provide information to us.
Do you use any automated processes to make decisions about me?
The National Fraud Initiative (NFI) makes some use of automated decision-making processes and profiling. However no decisions in relation to individuals are made without a human scrutinising the results first and the process is not wholly automated. For more details see:
- Falkirk Council - National Fraud Initiative
- Audit Scotland - National Fraud Initiative in Scotland (Privacy Policy)
This notice was last updated in October 2019.