This privacy statement covers liverpoolcityregion-ca.gov.uk and any other websites that include ‘liverpoolcityregion-ca.gov.uk’ in the address.
When you use these websites you are agreeing to this statement, and any additional statements on individual pages within the sites.
We may change this information without notice, so you should revisit this page and any other relevant pages from time to time.
Respecting your privacy
We respect your privacy. Information you provide, or that is gathered automatically, helps us monitor our service and provide the services you are entitled to as a visitor to our website.
We treat incoming emails and forms in the same way as other communications we receive.
Emails sent through the internet may not be secure. They could be intercepted and read by someone else. Please consider this before you send personal or sensitive information by email.
We aim to have a secure and reliable website, and use appropriate security technology to protect any personal data we may process about you. But your use of the internet, and this website, is entirely at your own risk. We have no responsibility or liability for the security of personal information transmitted over the internet.
We don’t make your personal details available to other companies for marketing purposes.
If requested we may share information with law-enforcement or government authorities, for a criminal investigation.
Cookies are files which can be stored on your computer when you visit a website, they cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
Enabling a service to recognise your device so you don't have to give the same information several times during one task
Measuring how many people are using services, so they can be made easier to use and there's enough capacity to ensure they are fast
Analysing data to help us understand how you use online government services so we can improve them
How to restrict or block cookies
You can restrict or block cookies through your browser settings. The Help function within your browser should tell you how. You can find more detailed information about cookies and how to restrict or block them and how to delete them from your computer on the About Cookies website.
For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.
To improve our service, we collect anonymous web statistics.
They store several cookies on users’ computers or mobile devices to tell us how many people have visited each web page, how they got there, and where they navigated to from there. The data collected is completely anonymous and does not store any personal details.
Changing your cookie settings
You can change your computer settings at any time to accept all cookies, to notify you when a cookie is issued, or not to receive cookies. How you do this depends on your web browser.
Find out more at www.aboutcookies.org
Links with other websites
Our site contains links to and from other websites. The Liverpool City Region Combined Authority (LCRCA) does not necessarily endorse or support the organisations that are linked to or from our website. We cannot guarantee that links will work all of the time, and we have no control over the availability of the linked pages on other websites.
Please be aware that other websites may deal with privacy differently from LCRCA and we can take no responsibility for the privacy practices or the content of any linked websites. If you decide to access websites linked to ours, you do so at your own risk.
We welcome other websites to link to the information that is hosted on these pages. You do not have to ask permission to link but we can provide wording and linking graphics.
Virus and malware protection
We make every effort to check and test the material on our site for malicious software or 'malware'. However, LCRCA cannot accept any responsibility or liability for any loss, disruption or damage to your computer system or information contained on it, which may occur as a result of using material from our site. It is always advisable to run an anti-virus program on any material downloaded from the internet.
If an email infected with malicious software is sent to us, it will be deleted automatically before it reaches our email system. Please be aware that if you have unintentionally sent us an email infected with malicious software, it will not reach us. If you don't receive acknowledgement of your email within 10 working days, please contact us using the online enquiry form.
Fair Processing Notice National Fraud Initiative
Identity and contact details of the controller and where applicable, the controller’s representative) and the data protection officer
If you have any questions about how your information is being used you can contact our Data Protection Officer at
DPO@merseytravel.gov.uk or 0151 330 1679
1 Mann Island
The Cabinet Office also acts as a data controller for this information. This is because they conduct the data matching exercise. They can be contacted at:
Head of the NFI
10 Great George Street London
The Cabinet Office’s Privacy Notice for the NFI can be found at this link
Further details of the NFI can be found on the Cabinet Office’s website at this link
Purpose of the processing and the legal basis for the processing
Your information is being used by Merseytravel and the Cabinet Officer as part of the NFI, and we are able to do this as part of our legal obligation to protect public funds This is a statutory function under Part 6 of the Local Audit and Accountability Act 2014.
Description of the categories of personal data
We submit data in accordance with the data specifications for Trade Creditors and Payroll.
The detailed data specifications can be found at this this link
Any recipient or categories of recipients of the personal data
Your information will be shared with for the purposes of the NFI.
Your personal data will be shared with the Cabinet Office, who will then further share your data as necessary for the purposes of preventing and detecting fraud with:
- the Auditor General for Wales
- the Comptroller and Auditor General for Northern Ireland
- the Auditor General for Scotland
- the Accounts Commission for Scotland and Audit Scotland
And with mandatory participants who include:
- District and county councils
- London and metropolitan boroughs
- Unitary authorities
- Police authorities
- Fire and rescue authorities
- Pension authorities
- NHS Trusts and strategic health authorities
- Foundation Trusts
- Clinical Commissioning Groups
- Passenger transport authorities
- Passenger transport executives
- Waste authorities
- Greater London Authority and its functional bodies
In addition, the following bodies provide data to the NFI for matching on a voluntary basis:
- Private sector pension schemes (various)
- Home Office
- Metropolitan Police – Operation Amberhill
- Special health authorities
- Housing associations
- Probation authorities
- National park authorities
- Central government pensions schemes
- Insurance Fraud Bureau
- Central government departments
- Other private organisations/companies/credit reference agencies
The Cabinet Office will share records containing personal data with HMRC. These will be matched against HMRC records and additional HMRC information appended and fed back to the NFI. The HMRC matching will seek to identify persons at the address provided and relevant income related information.
Data matching services are then provided to the NFI by the Department for Work and Pensions, and the Cabinet Office’s IT Supplier.
Retention period or criteria used to determine the retention period
Your data will be kept by the Cabinet Office for the periods set out in their Data Deletion Schedule (pending release following consultation).
The existence of each of data subject’s rights
The GDPR provides you with the following rights when it comes to your personal data:
- The right to be informed how your personal data is being processed
- The right of access to the personal data we hold about you, which includes providing copies of the information to you within one month of a request. We may charge a reasonable fee to provide this information based on our administrative costs of responding (i.e. photocopying, postage, etc.).
- The right to rectification of any incorrect or incomplete data we hold about you
- The right to erasure, also known as ‘the right to be forgotten’, where
- Your information is no longer required for the purpose it was collected
- You withdraw your consent
- You object to Merseytravel processing your information (and there is no overriding legitimate interest for continuing the processing)
- Merseytravel has breached the GDPR when processing your data
- There is a legal obligation to delete the data (such as a court order)
- The right to restrict processing, which limits what Merseytravel can do with your information
- The right to data portability, where any automated processing of your information based on your consent or as part of a contract is made available for your reuse
- The right to object to direct marketing or any processing based on the performance of a task in the public interest/exercise of official authority or for the purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling, where a decision made by a computer has a legal or significant effect on you.
The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint regarding the processing of your personal data to the UK’s supervisory authority, the Information Commissioner, who can be reached using the details below:
The Information Commissioner’s Office
www.ico.gov.uk or 0303 123 1113
The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences. [where applicable]
Your personal data will be subject to the following automated profiling (as defined in Article 4, paragraph 4 GDPR):
Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The processing of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under its powers in Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the GDPR.
All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, over- or under-payments and other errors, to take remedial action and update their records accordingly.
Terms and conditions
These terms and conditions cover liverpoolcityregion-ca.gov.uk
When you use this website you are agreeing to accept these terms and conditions, and any additional terms on individual pages within the sites.
We may change this information without notice, so you should revisit this page and any other relevant pages from time to time.
Copyright and use of content
Unless expressly stated the copyright and other intellectual property rights (such as design rights, trademarks, patents etc.) in any material provided on this website remains the property of the Liverpool City Region Combined Authority (LCRCA) (or as, the case may be, another rightful owner). LCRCA-owned material on the website, including text and images, may not be printed, copied, reproduced, republished, downloaded, posted, displayed, modified, re-used, broadcast or transmitted in any way, except for the user’s own personal non-commercial use.
All content is available under the Open Government Licence, except where otherwise stated
Disclaimer and limitation of liability
We have taken all reasonable care to compile information and material on this website, but we are not responsible for any loss, damage or inconvenience caused by any inaccuracy or error.
Liverpool City Region Combined Authority, our suppliers and any third-parties mentioned on the site are not liable for any damages arising from the use of, or inability to use, this site, or any websites linked to this site.