Guidance

Privacy Notice for the PSFA Intelligence Hub

Updated 24 February 2023

This notice sets out how we will use your personal data, and your rights. It is made under Article 14 of the General Data Protection Regulation (GDPR).

Your Data

Purpose

The purpose for which we are processing your personal data is to obtain information about individuals or organisations who have or are seeking to defraud the government. We do not collect personal information about those making reports but we do collect data on people who are the subject of reports.

Those who are subject of the reports will be held on a Case Management System, as detailed below, and specified Government Departments will have limited access to identify individuals of interest prior to a formal request for information.

The data

We will process the following personal data: Forename, Surname, Date of Birth, Addresses; Occupation: Telephone numbers; Bank details; Company details; HMRC reference numbers; National Insurance Number; Vehicle details; and any details of the alleged fraud.

The legal basis for processing your personal data is it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as the exercise of a function of the Crown, a Minister of the Crown, or a government department. In this case that is our function of detecting and preventing public sector fraud and the pursuit of fraud related debt.

Recipients

Where reports have been received through Crimestoppers, your personal data will be shared with us by Crimestoppers (who operate a reporting service on our behalf). We may also share your personal data with law enforcement agencies, and government departments who have responsibility for investigating offences.

As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide case management services, and document management and storage services.

Specified Government Departments will have the ability to undertake limited searches of the Case Management System in relation to Intelligence received and ongoing investigations. No information will be released without a formal request.

Retention

Your personal data will be kept by us for seven years or for the duration of any investigation whichever is longest.

Where personal data have not been obtained from you

Your personal data was obtained by us from someone making a report to the Crimestoppers hotline. It may also have been obtained from a report made to His Majesty’s Revenue and Customs, the Serious Fraud Office, a law enforcement agency, a government department, an associated agencies/ arms length bodies such as recognised Public Sector fraud agencies or anybody else who wishes to report suspicions of fraud and subsequently passed to us. If a report received is not anonymous, the team will sanitise the information before logging.

Your Rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You may have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data.

International Transfers

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or the use of Standard Contractual Clauses or a UK International Data Transfer Agreement.

As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses.

Contact Details

The data controller for your personal data is the Cabinet Office. The contact details for the data controller are: Cabinet Office, 70 Whitehall, London, SW1A 2AS, or 0207 276 1234, or Contact the Cabinet Office.

The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk.

The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.

Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

or 0303 123 1113, or icocasework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.