Privacy Notice for Spotlight Counter Fraud Checks
Updated 11 January 2023
This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).
1. Your data
1.1 Purpose
The purpose for which we are processing your personal data is to perform counter fraud checks on applications for grants and contracts made to public bodies. This will involve processing information on individuals, charities, limited and non-limited companies to assess the risk of fraud and reduce the error in grant and contract payments.
While the processed information relates to an application for a grant or contract, in some cases the data may constitute personal data.
1.2 The data
As part of our due diligence checks, we will process the following personal data:
- business address
- business postcode
- County Court Judgements against the non-limited company
- disqualified directorships,
- convictions against directors and failed directorships
- bankruptcies
- credit limit
- business failure/business default probability
- amount/value of accounts in collection
- payment to terms and payment pattern
- unpaid/late accounts
- nature of grants and contracts applied for
As part of our bank verification checks, we will process the following personal data:
- first name
- surname
- address
- postcode
- account number
- sort code
- date of birth
1.3 Legal basis of processing
The legal basis for processing your personal data is that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is the Cabinet Office’s function to deter and reduce fraud and error in government grants and contracts.
The processing by us of personal data relating to criminal convictions and offences or related security measures is not carried out under official authority, but is authorised because processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department. In this case that is the Cabinet Office’s function to deter and reduce fraud in government grants and contracts.
1.4 Recipients
Your personal data will be shared by us with other government bodies, including government departments, Arms Length Bodies, and Local Authorities
As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, document management and storage, customer relationship management and web hosting services.
1.5 Retention
Your personal data will be kept by us for four years. This information will be used to form part of the documentation in the event of monetary clawback and benefits tracking.
1.6 Where personal data have not been obtained from you
Your personal data were obtained by us from a public body or credit reference agency.
2. Your rights
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.
You have the right to request that any inaccuracies in your personal data are rectified without delay.
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
You have the right to object to the processing of your personal data.
3. International transfers
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through an adequacy decision or reliance on Standard Contractual Clauses.
4. Complaints
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.
5. Contact details
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Cabinet Office
70 Whitehall, London
SW1A 2AS
Public Enquiries: Online Contact Form
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
The contact details for the data controller’s Data Protection Officer are: dpo@cabinetoffice.gov.uk