This notice provides details of what information we collect from you, what we do with it, and who it might be shared with.
Identity and contact details of the controller and the data protection officer
Falkirk Council is the data controller. You can contact the data protection officer at:
Frequently asked questions
Why do we collect this information?
We have an obligation under section 95 of the Local Government (Scotland) Act 1973 to protect public funds. To this end, the Internal Audit, Risk and Corporate Fraud Team may make enquiries, and collect information, both internally and with external agencies.
The information is being collected for the following purposes:
- To establish the adequacy of the Council's arrangements for risk management, governance and control
- To ensure the Council's proper administration of its financial affairs
- To prevent and detect crime
- To apprehend or prosecute offenders
- To assess or collect a tax, duty or an imposition of a similar nature
- To check that current information held is accurate
The legal basis for each purpose is set out below:
|Performance of a contract
|Task carried out in the public interest
The following legislation is relevant:
- The Local Government (Scotland) Act 1973
- The Public Interest Disclosure Act 1998
- The Public Finance and Accountability (Scotland) Act 2000 (enables disclosure of data to Audit Scotland for data matching purposes)
- The Bribery Act 2010
What information do we collect about you?
We may collect information about, but not restricted to, the following:
- financial transactions of the Council (including the Falkirk Pension fund)
- payments to staff, elected Members, or partner organisations
- regulatory transactions, for example those relating to Licensing, Planning, and Building Standards
- records relating to the Council's housing and commercial property portfolios
- records relating to the employment and management of staff and elected Members of the Council
- customer and client records
- records (and metadata) held within the Council's IT systems (whether hosted locally or remotely)
Where do we collect information from?
In undertaking its role, the Internal Audit, Risk, and Corporate Fraud team may disclose information to, and receive information from, a range of external bodies. These may include, but are not restricted to:
- Police Scotland
- Crown Office and Procurator Fiscal Service
- Other Local Authorities
- Government bodies including HMRC and DWP
- NHS (including NHS Counter Fraud Services)
- Credit Reference agencies
- Service Providers
- Arms' Length organisations
- Regulatory bodies
- Telecommunications providers
Who might we share your information with?
Please see section above.
Will we send your information outwith the UK?
We do not transfer your information outwith the UK.
How long do we keep hold of your information?
We keep your information as long as required by law or by our business requirements. We have a Business Classification Scheme in place which sets out the types of records we hold, and how long we hold them – you can access the relevant part of the Scheme in the document below:
What are my rights in relation to the information held about me?
You have the following rights:
- To see any information held about you by making a subject access request.
- To withdraw consent at any time, where the legal basis for processing is consent.
- To data portability, where the legal basis for processing is (i) consent or (ii) performance of a contract.
- To request rectification or erasure of your information, where data protection legislation allows this.
Do I have a right to complain about the way information has been used?
If you have a concern about the way we are collecting or using your personal data, please let us know and we will try to resolve this. If you are still concerned, you can contact the Information Commissioner:
Do I have to provide my personal data to you?
You do not have to provide information to us.
Do you use any automated processes to make decisions about me?
The National Fraud Initiative (NFI) makes some use of automated decision-making processes and profiling. However no decisions in relation to individuals are made without a human scrutinising the results first and the process is not wholly automated. For more details see:
This notice was last updated in October 2019.