Internal Audit: privacy
Service area covered by this privacy notice
Internal Audit
Purpose of the processing
The Council processes personal information for the following purposes:
- to provide assurance over the Council’s systems of governance, risk management and internal control
- to make provision for internal audit in accordance with the Public Sector Internal Audit Standards
- to perform consultancy and advisory services related to governance, risk management and internal control as appropriate
- to safeguard resources and assets, including data
- to advise on commissioning and procurement
- investigating errors and allegations of fraud and corruption
Lawful basis for processing personal data
- legal obligation
- public task
Categories of personal data being processed
- name
- address
- date of birth
- telephone number
- occupancy status
- occupancy dates
- employment details
- pension details
- unique taxpayer reference
- income and expenditure details
- NI number
- e-mail address
- name of dependents
- photo ID
- financial Information, including bank details
- Disclosure and Barring Service information
- benefit information
- grant information
- revenues information
- supplier details
- customer details
- payroll information
Special categories of personal data being processed (if appropriate)
- nationality
- health data
- ethnic origin
- religion
- trade union membership
- sexual orientation
Conditions for processing special categories of personal data
- substantial public interest
Who the data might be shared with
- relevant staff
- external audit (Ernst & Young)
- Ombudsman
- the Cabinet Office's National Fraud Initiative
- Department for Work and Pensions
- other local authorities
- Five Councils Partnership Central Client
- other external audit providers
- NHS (Test and Trace)
- Southern Internal Audit Partnership