The Kent Intelligence Network privacy notice
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you. We are required to give you this information under data protection law.
Who we are
The Kent Intelligence Network (KIN) is a collaboration arrangement between Kent local authorities including Kent County Council, Medway Council, Kent and Medway Town Fire Authority, and the Kent district/borough and city councils. We lead the KIN and should be your first point of contact if you have any concerns or enquiries.
This privacy notice describes how the KIN will use and secure your information and protect your privacy. It sets out the standards we apply, how you can help us keep your information up to date, and your rights as a citizen.
The notice will be reviewed annually and updated to take account of any changes in legislation or our policies.
Personal information we collect and use
Information collected by us
The information we collect may include personal data such as:
- your name
- your date of birth
- details of any services you have accessed or used.
How we use your personal information
After linking information from different services, we only refer potential mismatches for further investigation when the mismatch indicates possible fraud, error or corruption. No assumptions are made as to whether there is fraud, error or other explanation until an investigation is carried out. Only a very limited number of employees can view this information.
We promise to respect the privacy and confidentiality of your personal information.
Our commitment to you is that your personal information will be:
- used only in ways that are fair and lawful
- used only for the purposes stated
- protected and handled securely
- viewed or accessed by employees only on a ‘need to know’ basis
- processed in a way that does not result in further investigation unless there is evidence of fraud or corruption
- not made available or sold for commercial use (such as marketing)
- shared only with trusted members of the KIN who are bound by written information sharing agreements that establish their fairness and lawfulness.
In return, to help us keep your information reliable and up to date, we ask you to:
- give accurate information when applying for or using public services
- tell us as soon as possible of any changes, such as a new address.
When handling your personal information, we will:
- protect your privacy and confidentiality
- value your trust and confidence
- act fairly and lawfully
- assess the impact on your privacy when making changes to the way we work
- train employees so they understand the importance of good data protection and hold them to account for their actions when handling your information
- act promptly to investigate any incident that may affect your privacy.
How long your personal data will be kept
We will only retain your personal data for as long as necessary. When your personal data is no longer needed it will be securely deleted in accordance with the following parameters:
- unactioned referrals – within 6 months from the date of referral
- closed, no further action referrals – within 6 months from the date referral closed
- referrals resulting in investigation – date case resolved + 6 years
- campaign data retention – within 6 months of campaign data being resupplied, or within 1 month if campaign data is to be overwritten and has not been used.
Reasons we can collect and use your personal information
The KIN aims to detect, prevent and deter fraud and corruption affecting Kent authorities’ public services. It does this by bringing together information about those who use Kent and Medway public services and determining whether the information held is consistent. The information is processed in a way that minimises the identification of individuals unless there is significant evidence of fraud or corruption.
Who we share your personal information with
Kent authorities hold information about you in order to provide you with services. The KIN brings this information together and where appropriate links it to other public services that hold information about you. These may include specified anti-fraud organisations and credit referencing agencies, such as TransUnion.
The information we share may include your name, address, date of birth and details of any services you have accessed or used. In limited circumstances, we may share your information with third parties without telling you. This will only be where the law requires us to, for example, crime prevention and detection purposes under the General Data Protection Regulation 2018.
You have the right to access personal information we hold about you under the General Data Protection Regulation. This right can be withheld in certain circumstances, such as when investigating fraud. The Freedom of Information Act 2000 gives members of the public the right to access non-personal information held by a public body, subject to certain conditions.
To help us give you the information you want, you will need you to tell us which member organisation of the KIN you have been dealing with and why you believe we hold information on you.
If we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you to whom it could be disclosed
- let you have a copy of the information in an intelligible form.
Keeping your personal information secure
Employees working for the KIN member organisations are trained to respect your privacy and protect your personal details in strict confidence and in compliance with the General Data Protection Regulation. Deliberate or negligent breaches of the GDPR are disciplinary offences.
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.