Finance Privacy Notice

What information do we collect


Access to personnel data mainly in the form of employee data though customers and vendor personal data as well as service users may also be identified

Information Governance

Data in relation to subject access requests, data breaches and Freedom of Information requests.  In a small number of cases the information held is very sensitive in similar circumstances to Internal Audit.

Internal Audit

Internal Audit will hold such information for the purposes of sampling and for the investigation of irregularities


Highly sensitive information in relation to child abuse allegations and claimants  health records. All such documentation is carefully protected due its sensitive nature.

Who uses this information?

  • Finance  and Procurement Team
  • Council Service Managers
  • Central Government
  • External Auditors

Why do we use this information?

Information including personally sensitive information is held to protect the Council’s financial interests. The Council is accountable to the local community for the way it spends its money so it is required to report on how it has spent its money which includes compliance with Central Government’s transparency agenda.

What authority does CBMDC have to collect and use this information?

The Council holds the information to fulfil the Council's statutory S151 responsibilities, to ensure the appropriate financial arrangements are in place, to manage the Council’s affairs and obtain value for money.

Who are we likely to share this information with?

Finance do not currently share their information with any other organisations external to the Council except to statutory agencies and regulatory inspectors such as external audit and HMRC.

The service also shares information with its legal representatives including Zurich Municipal Insurance who provide the Council’s claim handing service.

How do we keep this information secure?

The main Finance database is held on SAP Financials as part of the Council's ERP system. This is held on the Council's internal network.  The Service hold its main records on a shared drive for the service or a Council controlled personal area. These areas are only accessible to staff within the Service or in some cases restricted to teams within the Service. There are a number of paper files some with extremely sensitive information which is kept in a lockable storage area in the Service's work location or for historic information the Council’s secure data storage facility at Birklands.

When computers make any decisions about you

There is no automated decision making relating to personal information that is processed by Finance.

When your data gets sent to other countries

No data gets sent to other countries. All information is held within the UK.

How long do we keep this information?

Finance hold the information in accordance with its data retention schedule.  This in some cases requires historic data to be held in relation to assets and long term contracts. Data is generally held to the timescales required to comply with central government's rules including HMRC regulations. Generally personal data should not be held for more than six years however in some cases, sensitive data for instance in relation to Insurance claims may be held for considerably longer.

What are your rights?

You have the right to request CBMDC to stop processing your personal data in relation to any council service.  See our main Privacy Notice for details.

Underline image