Introduction
This privacy notice describes the personal data being processed by the Tyne and Wear Fire and Rescue Service (‘the Service’) as part of our participation in the National Fraud Initiative (NFI).
Purpose
The purpose for which we are processing your personal data is to prevent and detect fraud.
We are required by law to protect the public funds we administer. To prevent and detect fraud we may share information provided to us with other bodies responsible for auditing or administering public funds
As part of our arrangements to prevent and detect fraud, we participate in the NFI. The NFI is a data matching exercise to assist in the prevention and detection of fraud or error. The NFI is the responsibility of the Cabinet Office, a central government department. The Cabinet Office is responsible for carrying out the data matching exercises. We are required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information, e.g. pension records may be matched with death records to ensure no pensions are being made to persons who are deceased. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency which requires further investigation. Any investigation in to a data match relating to data submitted by us would be carried out by us.
No assumption can be made as to whether there is a fraud, error or other explanation until an investigation is carried out.
The Cabinet Office requires us to participate in the NFI. The request by the Cabinet Office to submit your personal data for its use by the Cabinet Office in the NFI is made with statutory authority under Part 6 of the Local Audit and Accountability Act 2014.
The use of data by the Cabinet Office does not require the consent of individuals concerned under data protection legislation or the General Data Protection Regulation (GDPR).
However data matching by the Cabinet Office is subject to a Code of Practice.
As we have a statutory obligation, our lawful basis for processing is therefore as defined by Article 6(1)(c) of the GDPR, ‘processing is necessary for compliance with a legal obligation to which the data controller is subject’.
The information provided by us to the Cabinet Office to allow it to conduct the NFI is data you have already provided to us for other purposes.
The information provided to the Cabinet Office is data you have provided to us:
- when making a claim or applying for a pension
- when seeking payment of an invoice from us. This is referred to as trade creditor standing and payment history data.
- when seeking payment for employment from us. This is referred to as payroll data.
Data specifications setting out exactly what data is provided to the Cabinet Office for the NFI can be accessed here.
Where a match is found it may indicate that there is an inconsistency which requires further investigation. Where this is the case and it relates to data submitted by us, the Cabinet Office will send the data match information to us for investigation.
A match received by us may include data about you already submitted by us but may also include data about you from another third party as the data submitted by us is matched with data from other third party organisations.
These organisations include councils, pension authorities, police and fire authorities, NHS bodies, passenger transport authorities among others. A full list of providers of information to NFI is included in the Cabinet Office NFI Privacy Notice
Your personal data will be shared with the Cabinet Office to allow the NFI to take place.
Dependent upon the outcome of the data matching exercises carried out as part of the NFI your data may also be shared by the Cabinet Office as necessary for the purposes of preventing and detecting fraud with:
- the Auditor General for Wales
- the Comptroller and Auditor General for Northern Ireland
- the Auditor General for Scotland
- the Accounts Commission for Scotland and Audit Scotland
- mandatory participants in the NFI
- voluntary participants in the NFI
Further details of bodies to whom your personal data may be shared by the Cabinet Office is included in the Cabinet Office NFI Privacy Notice
We only keep your information for as long as we need it. This is to meet our legal responsibilities and best practice reasons.
The Service has agreed retention periods which set out the period of time personal data will be retained by the Service.
These are recorded in the Service’s Data and Record Retention Schedules.
The Cabinet office has agreed retention periods for the data provided to it by us and other participating bodies. More information is available in the Cabinet Office NFI Privacy Notice.
No personal data processed as a part of the NFI is transferred overseas to any other country.
Your personal data requested by the Cabinet Office for the NFI is uploaded from us to the Cabinet Office via a secure website.
Access to the website is restricted to authorised personnel only and is password protected.
All data is encrypted during the transmission of data.
No automated decision making is made as part of the NFI arrangements.
At no time will your information used as part of the NFI be used for marketing or sales purposes. It will be used for the sole purpose of the prevention and detection of fraud.
Under data protection legislation, you have the right to request access to information about you that we hold.
If you are aged 12 or over, we will usually consider you to be old enough to understand your rights and to make a Subject Access Request yourself, if you want to.
If you are younger than 12, your parent will normally have to make a request on your behalf.
To make a request for your personal information, contact the Services Data Protection Officer by emailing DPO@twfire.gov.uk.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us via our complaints procedure.
Alternatively, you can contact the Information Commissioner’s Office, who is an independent regulator. The contact details are:
- online at: https://ico.org.uk/concerns/
- by post: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF - by telephone: 0303 123 1113 (local rate) or 01625 545 745
- by fax: 01625 524 510
Further information
For further information on data protection and GDPR arrangements at Tyne and Wear Fire and Rescue Service please contact the Service’s Data Protection Officer (see contact details above).
For further information on the use of your personal data provided to the Cabinet Office for the NFI, you can access the Cabinet Office NFI Privacy Notice here