Discretionary Business Grants Scheme Privacy Notice

Who is the Data Controller for the information I provide?

Liverpool City Council (LCC).

Why we collect your data

We collect this information so that we can:

  • assess your application for eligibility for financial support
  • confirm account validity
  • confirm your identity
  • make payments of the awards
  • send reports to Government departments
  • detect and prevent fraud and error
  • make sure public money is correctly used

What is the legal basis for collecting and processing this data?

LCC will be processing personal data to administer and award discretionary grant according to the following lawful basis:

  • Article 6 (1) (e) GDPR ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.’
  • Article 9 (2) (b) GDPR provides MHCLG with the lawful basis for processing ‘special category (sensitive) data: ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to the Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.’
  • Article 9(2)(g) GDPR “processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.”

Information we may collect

The categories of information being processed include:

  • Business name and contact details
  • Name and contact details of business owner
  • Business Financial information – such as banking details, accounts and payment details.
  • Business personnel records
  • Evidence to demonstrate a substantial loss in income as a result of the pandemic
  • Evidence of complying with the definition of an SME
  • Evidence of State Aid compliance
  • Other relevant information needed to process your application, such as evidence of property costs

Do I have to provide this information and what will happen if I don’t?

If you are not able to provide some or all of the information we may not be able to assess your application for discretionary grant.

Who is your data shared with?

  • government departments, and other public bodies e.g. HMRC, Department for Work and Pensions, Home Office, Department for Business, Energy & Industrial Strategy, Ministry for Housing, Communities and Local Government
  • other Liverpool City Council teams so they can carry out their statutory roles and support our service eg social services, housing, environmental services, complaints, legal services and Business Rates teams
  • All organisations we pass your information to will have an information-sharing agreement with us to ensure they meet the standards of the GDPR and the Data Protection Act 2018, and will be covered by a legal basis allowing them to collect, use and share your personal information.

How will my information be stored?

Data is stored in a range of different places, including in the LCC IT systems including email systems.

LCC takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by its employees in the performance of their duties.

How long will you keep this information for?

Personal data will not be retained for longer than necessary in relation to the purposes for which they were collected. There is usually a legal reason for keeping your personal information for a set period of time – this ranges from months for some records to years for more sensitive records.

We securely destroy all information once we have used it and no longer need it.

Your rights

The GDPR provides you with the following rights, subject to lawful data requirements, when it comes to your personal data:

  • The right to be informed how your personal data is being processed
  • The right of access to the personal data we hold about you, which includes providing copies of the information to you within one month of a request. We may charge a reasonable fee to provide this information based on our administrative costs of responding (i.e. photocopying, postage, etc.
  • The right to rectification of any incorrect or incomplete data we hold about you
  • The right to erasure, also known as ‘the right to be forgotten’, where:
    • Your information is no longer required for the purpose it was collected
    • You withdraw your consent
    • You object to LCRCA processing your information and there is no overriding legitimate interest for continuing the processing.
    • LCRCA has breached the GDPR when processing your data
    • There is a legal obligation to delete the data such as a court order
  • The right to restrict processing, which limits what the LCRCA can do with your information.
  • The right to data portability, where any automated processing of your information based on your consent or as part of a contract is made available for your reuse.
  • The right to object to direct marketing or any processing based on the performance of a task in the public interest/exercise of official authority or for the purposes of scientific/historical research and statistics.
  • Rights in relation to automated decision making and profiling, where a decision made by a computer has a legal or significant effect on you.
  • For further details see How to access your data.

Where can I get advice?

See our Help and advice page for more information.

The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint regarding the processing of your personal data to the UK’s supervisory authority, the Information Commissioner, who can be reached using the details below:

The Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Cheshire SK9 5AF


Tel: 0303 123 1113

National Fraud Initiative

We participate in the Cabinet Office's National Fraud Initiative (NFI) which is an exercise that matches electronic data within and between public and private sector bodies to prevent and detect fraud.  We are required by law to provide particular sets of data, including personal data, to the Minister for the Cabinet Office for matching.

The use of data for the NFI exercise is carried out with statutory authority under part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under Data Protection legislation and General Data Protection Regulations 2018.

Data matching by the Cabinet Office is subject to a Code of Practice.

You can view information on what data we share and the Cabinet Office's legal powers and the reasons why it matches particular information.