National Fraud Initiative
Privacy Notice – National Fraud Initiative
Borders College is providing you with this information to comply with data protection law and to ensure that you are fully informed and we are transparent in how we collect and use your personal data.
Who is collecting the information?
Borders College is the Data Controller. We have an appointed Data Protection Officer (DPO), who can be contacted by emailing: email@example.com
This privacy statement relates to the following process:
Sharing Data with Audit Scotland: National Fraud Initiative
This College is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
On behalf of the Auditor General for Scotland, Audit Scotland appoints the auditor to audit the accounts of the College. It is also responsible for carrying out data matching exercises under the National Fraud Initiative.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This will include personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean that any specific individual is under suspicion. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up to date.
Audit Scotland currently requires Borders College to participate in a data matching exercise to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching. The exact nature of the data supplied is set out in Audit Scotland’s instructions, which can be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative
The use of data by Audit Scotland in a data matching exercise is carried out under their statutory authority, normally under its powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by Audit Scotland is subject to a Code of Practice. This may also be found at: http://www.audit-scotland.gov.uk/our-work/national-fraud-initiative
For further information on Audit Scotland’s legal powers and the reasons why it matches particular information, see the full text privacy notice at: http://www.audit-scotland.gov.uk/our-work/nationalfraud-initiative
Our legal reason for processing the data is that use is necessary for the performance of a task in the public interest. Article 6, (1), (e)
Special category (sensitive) data: Processing is necessary for reasons of substantial public interest and is authorised by domestic law proportionate to the aim pursued. The legal basis for processing your special category and criminal convictions data is Article 9 (2) (g) substantial public interest, and sections 6, 10, 11, and 12 of schedule 1 to the Data Protection Act 2018.
The following rights are rights of data subjects:
- The right to access your personal data
- The right to rectification if the personal data we hold about you is incorrect
- The right to restrict processing of your personal data
The following rights apply only in certain circumstances:
- The right to withdraw consent at any time if consent is our lawful basis for processing your data
- The right to object to our processing of your personal data
- The right to request erasure (deletion) of your personal data
- The right to data portability
Complaints to UK Information Commissioner’s Office (ICO)
If you are concerned about how your personal data is being used by the College, in the first instance please contact the College Data Protection Officer (DPO) at firstname.lastname@example.org. If you are not satisfied with the outcome then you can complain to the regulator of data protection, the UK Information Commissioner’s Office (ICO). The ICO has guidance on their website here: https://ico.org.uk/your-data-matters/raising-concerns/
You can email them at email@example.com or call them on 0303-123-113 or you can send a letter to them at the following address:
Information Commissioner's Office