Financial services privacy notice

This privacy notice is to let you know how we promise to look after your personal information. This notice explains how we do this and tells you about your privacy rights and how the law protects you.

This privacy notice covers the following areas of finance:

  • service finance
  • corporate finance
  • central finance

This section of finance provides a range of financial services to the council and external clients including financial planning and monitoring, statements of accounts, budgeting, financial systems and controls, creditor payments and debtor invoicing, VAT management, insurance and payroll.

What information do we collect?

The type of information we collect will depend on why you have got in touch with us. The information will include some or all of the following:

  • personal, for example: name, address, telephone, date of birth
  • employee information, for example, payroll number, salary, taxation, national insurance, pension details, sickness details
  • bank account details
  • email addresses
  • housing rent account details
  • private vehicle details
  • personal details relating to insurance claims for example CCTV footage, photographs, employment history, medical records and insurance related legal records.

Who uses this information?

Internal to Harrogate Borough Council

  • financial services
  • internal audit
  • all council service managers
  • human resources
  • ICT
  • housing

External to Harrogate Borough Council

  • Natwest Bank
  • Unit 4 (financial management software providers)
  • Midland HR (payroll software providers)
  • HMRC and other statutory bodies including CSA, DWP and the Courts
  • North Yorkshire Pension Fund
  • third party partners for example Computershare, Credit Union and Health Schemes, Unions
  • insurance companies, Loss Adjusters, Solicitors and Barristers in the process of handling and/or defending insurance claims. Claimants and/or their representatives
  • The Cabinet Office to comply with the National Fraud Initiative
  • external auditors

Why do we use this information?

The financial services section holds information about individuals so that it can carry out effective financial management including:

  • processing payments to external individuals
  • processing payments to employees and elected councillors
  • processing payments to/from the council’s suppliers and customers
  • direct debit processing
  • procurement card administration
  • recording transactions on the ledger
  • properly accounting for expenditure and income
  • budget setting and budget monitoring
  • providing financial management information
  • costing staffing budgets
  • providing financial analysis and advice to internal and external customers  
  • management of corporate appointee accounts
  • submission of grant funding claims
  • administering prepaid cards for direct payment clients
  • calculating and setting council housing rents
  • administration of employee car loans and leases
  • managing insurance claims from the public, employees and clients
  • management of the section and all related policies including attendance, performance, conduct etc
  • to deter and detect fraud of public funds

What authority does Harrogate Borough Council have to collect and use this information?

The financial services section processes personal data under the following categories of lawfulness in the General Data Protection Regulation:

  • 6(1)(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • 6(1)(c) processing is necessary for compliance with a legal obligation to which the controller is subject
  • 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • 9(2)(b) processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
  • 9(2)(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
  • 9(2)(j) processing is necessary for archiving purposes in the public interest, scientific, historical research purposes or statistical purposes

The tasks that we carry out in exercise of official authority are mainly required under the following laws (although other legislation applies):

Section 151 of the Local Government Act 1972 requires local authorities to make arrangements for the proper administration of their financial affairs.

The CIPFA Statement on the role of the Chief Financial Officer (CFO) in local government describes the role and responsibilities of the CFO including responsibility for the finance function.

The CFO and the finance function are required to access individuals’ information as necessary in order to carry out the role.

Who are we likely to share this information with?

We may sometimes share the information that we have collected about you where it is necessary, lawful and fair to do so. We may share information with the following groups for these purposes:

  • service providers (including third party providers), professional advisers and auditors who in certain circumstances will also be “data controllers”
  • regulators, the government, local and foreign law enforcement authorities
  • Her Majesty's Revenue and Customs
  • local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws
  • past and present insurance providers, brokers and claims handlers.

Sharing information during the Covid-19 pandemic crisis

Personal data or special category data may be shared with relevant organisations and agencies during the Covid-19 pandemic crisis. The lawful basis for sharing this information is that (1) it is necessary for the performance of a task in the public interest and (2) to protect the vital interests of an individual.

How do we keep this information secure?

Information which is held electronically is either held in files that are held on the council's servers or dedicated databases. These systems are password protected and only accessible to people who need access to them.

Information which is held on paper is either stored in offices which are subject to access controls or in the dedicated archive provision for the council. Where information is removed from the office for operational purposes the amount of this is minimised and staff are trained to ensure that this is kept secure at all times.

When computers make any decisions about you?

The financial services section does not make or use any automated decisions.

When your data is sent to other countries?

We do not send any information we collect about you outside the United Kingdom.

How long do we keep this information?

Please refer to the council's retention schedule for more information on our retentions.

To request this information please contact data protection on

What are your rights?

The rights that you have depend upon the grounds upon which your information is collected. If you would like to access any of the rights below, please email

  • the right of access - you are entitled to see the information we hold about you
  • the right to rectification - if you believe any information we hold about you to be incorrect
  • the right to erasure/right to be forgotten - the section will delete a record unless required to retain by statute
  • the right to restrict processing - should you wish us to limit how we use your data
  • the right to data portability - data will be provided in the event that it is required by another organisation for example through a transfer of services
  • the right to object - in addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions