Internal Audit Privacy Notice
Carlisle City Council is committed to protecting and respecting your privacy in terms of how we collect, use, store and destroy your personal information.
We are the data controller of the personal information we will collect from you and under the General Data Protection Regulation, this privacy notice is designed to provide you with all the information you have a right to be provided with on why we need to collect your personal data and what we will do with it.
Why are we collecting your personal information?
Carlisle City Council provides an internal audit service because the law states that we must do so. Our internal audit team may process any personal information held elsewhere within the Council (or its contractors and partners) in order to assess and provide assurances on the arrangements for governance, risk management and internal control within the service area.
The Internal Audit team will also process personal information collected as part of the National Fraud Initiative for the prevention or detection of crime, fraud or errors. Additionally, personal information may be processed in relation to fraud investigations.
In order to deliver these services Internal Audit are required to collect, store, use, share and dispose of personal information, known as data processing.
What allows us to collect your personal information?
Data processed by the Council about Internal Audit provision is processed because:
▪ It is required by law
▪ It is necessary to provide a Council service which is part of our public task
The legislation, policies and guidance that allow us to do this includes, but is not limited to:
▪ The Local Government Act 1972
▪ Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017
▪ The Accounts and Audit Regulations Act 2015
▪ Fraud Act 2006
▪ Carlisle City Council’s Constitution
If we require your permission to process your personal information, we will ask you. If you wish to withdraw your consent, you can do so through contacting [email protected]
What personal information will we collect?
The information Internal Audit collects is dependent upon the reasons it is required. Internal Audit will not collect unnecessary information; information collected may include:
▪ Names, addresses and signatures
▪ Dates of birth
▪ Correspondence and e-mails including contact details
▪ National Insurance Number
▪ Financial information, including bank and card payment details
▪ Registerable interests
▪ Any other information collected by the Council (see other privacy notices)
What will we do with your personal information?
Your information is held securely within the UK.
We will not use your information for any purpose other than that for which it was collected unless we are able or required to by law.
To provide you with good quality services and to meet our legal obligations, we will sometimes share your personal information between teams within the Council. It is unlikely that Internal Audit would share information with external partners and agencies (other than the Police if the information relates to suspected criminal activity). If information was shared externally it would only be done so with the permission of the original data processor within the Council.
We may also provide personal information to third parties, but only where it is necessary, either to comply with the law or where permitted under data protection legislation.
How long will we keep your personal information?
All records are kept in compliance with the Financial Services Retention Policy. The length of time we keep information is 6 years.
Your rights are:
▪ To be informed
▪ To access your personal information
▪ To have inaccurate personal information rectified
▪ To have personal information erased
▪ To restrict processing of your personal information
▪ To obtain and reuse your personal information for your own purpose
▪ To object to the processing of your personal information
▪ To not be subject to decisions based solely on automated means, including profiling
Should you be unhappy with the way Carlisle City Council has handled your personal information, we encourage you to let us know so that we can look into this for you and provide a response.
Should you then wish to lodge a complaint with ICO you can contact them at:
Address: Information Commissioner’s Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Carlisle City Council can be contacted at: Address: Civic Centre, Carlisle, Cumbria, CA3 8QG Email: [email protected]
Telephone: 01228 817200
Carlisle City Council’s Data Protection Officer can be contacted at: Address: Civic Centre, Carlisle, Cumbria, CA3 8QG Email: [email protected]