Skip to main content

Audit and Assurance Privacy Notice

Our core data protection obligations and commitments are set out in the organisation’s primary privacy notice.

This notice provides additional privacy information for: individuals for whom we share data with the Cabinet Office under the National Fraud Initiative; and also for persons who may become party to a fraud investigations.


Purposes

We hold your personal information for the following purpose(s):

  • Fraud prevention and detection

Categories of personal data

In order to carry out these purposes we collect and obtain:

  • Personal details;
  • Financial details;
  • Goods and services provided;
  • Case file information;
  • business activities of individuals;
  • Employment and education details;
  • Visual images, personal appearance and behaviour;
  • Details of complaints;
  • Family details;
  • Incident and accident details; and
  • Licenses, permits or certificates held;

We may also collect, store and use the following special category personal information:

  • Race or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Health;
  • Sex life;
  • Sexual orientation;
  • Criminal Offence data.

Legal basis for processing

The legal basis we rely on for processing your personal information is:

  • The processing is necessary to meet our legal obligations in the Accounts and Audit Regulations 2015; and/or
  • The processing is necessary for the performance of a task carried out in the public interest.

The legal basis we rely on for processing your special category personal information is:

  • The processing is necessary for the purpose of protecting the public against dishonesty;
  • The processing is necessary for the purpose of regulatory requirements relating to unlawful acts and dishonesty; and/or
  • The processing is necessary for the purpose of preventing fraud.

Information sharing recipients

We may share personal information about you with the following types of organisations:


Sources of personal data other than the data subject

As well as information directly collected directly from you, we also collect or receive information from:

  • Other departments in TfGM e.g. payroll, finance
  • For fraud investigations a number of external sources may be used dependent on the investigation, for example liaison with the police or interviewing third parties.

Automated decisions

For this processing, all the decisions we make about you involve human intervention


Data retention criteria

Our Retention Schedule outlines how long we retain certain types of information for.


Rights of individuals

You have a right to be informed about how and why your personal information is being processed. This notice fulfils that obligation. You also have a number of other rights.

Information about the following rights is available in our Guide to Exercising Your Rights:

  • Contacting our Data Protection Officer;
  • Raising a concern with us; and/or
  • Making a compliant to the Information Commissioner

Updates

We may update or revise this Privacy Notice from time to time and provide supplementary privacy information as is necessary to TfGM’s current workforce.