Internal Audit and Counter Fraud Privacy Notice

This Privacy Notice is regularly reviewed and may be updated or revised at any time. It was last updated in August 2025. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

  1. Introduction
  2. What personal data do we collect?
  3. How we use personal data
  4. Legal Basis for processing
  5. Who do we share personal data with?
  6. How long do we keep personal data?
  7. Automated decisions
  8. Your rights
  9. Data Protection officer.

Introduction

Our core data protection obligations and commitments are set out in  Wigan Council Primary Privacy Notice

This notice provides additional privacy information for the Internal Audit and Counter Fraud team and explains what personal data is collected, what it is used for and who it is shared with.

What personal data do we collect?

To carry out activities and obligations as an Internal Audit and Counter Fraud team we process the following personal data:

  • Personal information including name, address, date of birth, telephone number, email address, gender, marital status and nationality
  • Employment information including employer details, national insurance number, salary details, salary payments, employment dates, sickness record and next of kin
  • Financial information including bank account details, banking transaction details, income and expenditure details, credit history and pension details
  • Financial information regarding appraisal of potential contractors’ financial standing
  • Household composition
  • Written statements and recordings of interviews conducted
  • Information gathered as part of an investigation or proactive exercise
  • Any information held on council systems and where appropriate systems of partner organisations pertinent to our activities and obligations.  

We also process the following Special Category Data:

  • Health-related data including information collected to assess eligibility for benefits
  • Health, racial or ethnic origin data may also be collected during a stage 2 complaints review process
  • Physical and mental health, or disability status may be collected to review risks and controls around Council services such as adult services provision or to audit grants for property adaptations and other spend related to these health conditions.

We also process the following Criminal Offence Data:

  • Allegations and investigations of potential criminal offences.

How use personal data

The main purposes for processing your personal data are:

  • To provide assurance over the Council’s systems of governance, risk management and internal control
  • To perform consultancy and advisory services
  • To provide an internal audit service in accordance with the Global Internal Audit Standards in the UK Public Sector
  • To detect, investigate and prevent misconduct, fraud or corruption across Council services
  • To investigate Stage 2 complaint referrals.

Legal Basis for processing

The lawful basis we rely on for processing your personal data is:

  • It is necessary to fulfil a legal obligation under the following:
    • Section 151 of the Local Government Act 1972
    • Local Government Finance Act 1992
    • Fraud Act 2006
    • The Accounts and Audit Regulations 2015
    • The Police and Criminal Evidence Act 1984
    • Criminal Procedure and Investigations Act 1996
    • The Council Tax (Administration and Enforcement) Regulations 1992 (as amended)
    • Local Audit and Accountability Act 2014 (Part 6)
    • Prevention of Social Housing Fraud Act 2013.
  • It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority

The condition we rely on for processing your special category data is:

  • Reasons of substantial public interest
    • Statutory etc and government purposes
    • Preventing Fraud.

The condition we rely on for processing your criminal data is:

  • Substantial Public Interest: Preventing Fraud.

Who do we share personal data with?

In addition to the general reasons for data sharing described in the Council’s Primary Privacy Notice, we share and retrieve data with the following when required:

  • Other teams within Wigan Council
  • Other local authorities
  • Government departments and agencies
  • National Anti-Fraud Network
  • Police
  • Judicial agencies, e.g. Courts
  • The Local Government Ombudsman and Housing Ombudsman Service as requested as part of any ongoing complaint investigations
  • The Council’s external auditors.

This is not an exhaustive list.

How long do we keep personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any future legal, accounting, or reporting requirements.

We must continue to retain necessary data in accordance with our corporate records policy to fulfil legal, statutory and regulatory requirements.

Automated decisions

All the decisions we make about you involve human intervention.

Your rights

More information on how to seek advice to exercise your rights, raise a concern or complain about the handling of your personal data by the council can be found in at Wigan Council Primary Privacy Notice.

Data Protection Officer

If you wish to raise a concern or seek clarification about any aspect of this notice, please contact our Data Protection Officer. Please provide documents to prove your identity along with a description of your concern.

We will respond to all requests within one month.

If you are unhappy with the way that we handle your concern you may complain to the Information Commissioner’s Office (ICO) (external link).

Document information

Owner: John McDonald, Assistant Director - Finance

Author: Andrea Richards, Strategic Audit and Risk Manager Chief Internal Auditor

Version and date: V1.0 August 2025