Corporate Investigations Privacy Notice
Our core data protection obligations and commitments are set out in Bradford Council's primary privacy notice.
This notice provides additional privacy information for those accessing the Council’s Corporate Investigations service and describes how the Investigation service collects, uses and shares personal information about you and the types of personal information we need to process, including information the law describes as ‘special’ because of its sensitivity.
Personal information we collect and use
Information collected by us
The information we collect will be the minimum we need to deliver our service and will include the following personal data:
- Name
- Address
- Telephone number(s)
- Email address
- Employer details
- Bank details
- Household composition
- Income and expenditure
- Date of Birth
- National Insurance Number
- Nationality, Immigration Status
We may also collect and process special categories of personal information that may include:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Data concerning health
- Data concerning a person’s sex life or sexual orientation
How we use your personal information
We collect your personal information for the following purposes:
- To carry out activities and obligations associated with counter fraud
- To carry out corporate investigations associated with the Council’s business
- To perform any of Bradford Council’s statutory enforcement duties.
How long your personal data will be kept
We will hold your personal information in line with Bradford Council’s retention schedule. At its expiry date the information will be reviewed, and only retained where there is an on going requirement to retain for a statutory or legal purpose. Following this your personal information will be securely destroyed.
Reasons we can collect and use your personal information
The lawful basis on which we collect and use your personal data is that
- Processing is necessary for compliance with a legal obligation
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
We hold the information in line with the following legislation:
- Local Government Act 1972 Section 151
- Local Government Finance Act 1988
- Local Government Finance Act 1992
- Non Domestic Rating (Collection and Enforcement) (Local Lists) Regulations 1989
- The Council Tax (Administration and Enforcement) Regulations 1992 (as amended)
- Data Protection Act 2018
- UK General Data Protection Regulation
- Local Audit and Accountability Act 2014 (Part 6)
- Fraud Act 2006
- Prevention of Social Housing Fraud Act 2013
- Theft Act 1968
- Proceeds of Crime Act 2002
- Road Traffic Regulations Act 1984
Who we share your personal information with
We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. We may share information with the following for these purposes:
- The Cabinet Office
- Government agencies
- Anti-fraud organisations
- The Police
- Judicial agencies e.g. Courts
- Department for Work and Pensions
- HMRC
- Other Local Authorities
- Internal departments
- Other third-party organisations, as allowed by law
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security incidents and we will notify you and the appropriate regulator of any incident where we are legally required to do so.
When computers make any decisions about you?
The Corporate Investigations service does not make or use any automated decisions.
When your data is sent to other countries?
We do not send any information we collect about you outside the United Kingdom.
Rights for individuals under the UK GDPR
What are your rights?
Please contact the Corporate Information Governance Team at dpo@bradford.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer at dpo@bradford.gov.uk or write to: Data Protection Officer, City Hall, Centenary Square, Bradford, BD1 1HY.
UK GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted on 03031 231113.