Guidance

Privacy notice: deputyship fee refunds

Published 2 October 2019

Applies to England and Wales

Who manages the deputyship fee refunds scheme?

This service is managed by the Office of the Public Guardian (OPG), which is an executive agency of the Ministry of Justice (MOJ).

MOJ is the data controller for the personal data we store.

Our personal information charter explains how we process personal data.

Why we collect personal data and how we use it

Personal data is information about you as an individual.

In order to use the deputyship refund service, you need to provide personal information about yourself and the client. We use this information to check against our payment records to find out whether a refund is due and, if so, to then pay the refund.

We only collect personal data that we need to assess and process your refund claim.

This includes your:

  • name
  • address
  • postcode
  • bank account details
  • email address
  • telephone number

and the client’s:

  • name
  • date of birth
  • date of death (where applicable)
  • address

We might also collect information if you contact the deputyship fee refunds team – for example, if you contact us to ask a question or to make a complaint.

The legal basis for using personal data in this way is Article 6(1)(e) of the General Data Protection Regulations (GDPR) which allows us to process personal data when this is necessary to perform our public tasks.

One of our public tasks under section 58(1)(c) of the Mental Capacity Act 2005 (MCA) is to supervise court-appointed deputies.

We have legal responsibility to fully recover, but not over-recover, the cost of this supervision service through the fees charged.

How we store data

Once you submit your refund claim, the information you have provided will be stored in a secure database within the European Economic Area (EEA).

After a refund has been paid, information that has been archived will be held securely within our internal systems or held by our appointed data storage supplier (Iron Mountain), in accordance with our record retention and disposition schedule – see How long we keep data.

If you apply for a deputyship refund by email, the personal data you send may be sent through countries outside the EEA by your service provider.

Data is not stored in a non-EEA country. However, it may sometimes be necessary to transfer personal data overseas. Any transfers made will comply with all aspects of data protection law.

Who has access to data in the service?

Our hosting provider (Amazon Web Services) and MOJ staff responsible for supporting the service have access to the secure database.

The payments will be processed by Shared Services Connected Limited (SSCL). SSCL only have access to the payment details (amount and recipient) and do not have access to our full case records.

We encrypt the bank details you provide and securely transfers them to SSCL. SSCL only use these details to process refund payments in line with terms of service agreed between MOJ and SSCL.

Some archived data will be held by Iron Mountain. This is a storage facility for physical documents. The information stored is in line with the terms of service agreed between OPG and Iron Mountain.

Our staff responsible for processing refund applications have access to the data and have MOJ security clearance.

Our personal information charter sets out the standards you can expect when we ask for or use your personal information.

How long we keep data

We will keep your personal data in line with the record retention and disposition schedule.

Change or delete information you’ve provided

Contact the deputyship fee refunds team if you want to change or delete any of the information you’ve sent us.

Requests to remove information you’ve sent to us may mean we’re unable to process your application for a refund.

Sharing personal data

We’ll only share the information you give when the law says we can. For example, we may share information with the police to help them prevent fraud or investigate crime.

We will never:

  • share your information with other organisations for marketing, market research or commercial purposes
  • sell or rent your data to third parties

Access your personal data

You can find out what personal data we hold about you in the service by making a subject access request.

Under GDPR and the Data Protection Act 2018, you have a number of data subject rights that are relevant to your personal data when using this service:

Getting more information

You can get more details on:

  • agreements we have with other organisations for sharing information
  • when we can pass on personal data without telling you, for example, to help with the prevention or detection of crime or to produce anonymised statistics
  • instructions we give to staff on how to collect, use or delete your personal data
  • how we check that the information we hold is accurate and up-to-date
  • how to make a complaint
  • anything in this privacy notice
  • what to do if you think that your personal data has been misused or mishandled

For more information, please contact:

MOJ data protection officer
Post point 10.38
102 Petty France
London
SW1H 9AJ

 Changes to this notice

We may change this privacy notice from time to time. When we do, we’ll update the ‘last updated’ date at the bottom of this page.

If these changes affect how your personal data is processed, we’ll take reasonable steps to let you know.

Any changes to this privacy notice will apply to you and your data immediately.

Making a complaint

When we ask for personal data, we’ll keep to the law. If you think that your information has not been handled correctly, in addition to contacting the MOJ data protection officer, you can contact the Information Commissioner for independent advice about data protection at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4.30pm

www.ico.org.uk

Find out more about the use of cookies in our cookies policy.