About this notice
This privacy notice explains what to expect when Public Sector Audit Appointments Limited (PSAA) collects personal information in the course of its business operations. The notice applies to information we collect about:
- individuals in specific posts at audited bodies that have opted into PSAA’s national auditor appointment scheme, in connection with PSAA’s responsibilities as a specified appointing person under the Local Audit and Accountability Act 2014;
- individuals in specific posts at audited bodies for which PSAA has appointed an auditor under the transitional arrangements made by the Secretary of State for Communities and Local Government;
- individuals in organisations that are key stakeholders for PSAA, in connection with its statutory responsibilities;
- individuals who are chairs of the audit committees for principal local government bodies that are subject to the requirements of the Local Audit and Accountability Act 2014;
- partners and employees of audit firms with which PSAA has, or has previously managed, audit contracts;
- individuals at suppliers of goods and services to PSAA;
- job applicants, current and former employees, current and former Board and audit committee members;
- members of the public making enquiries or complaints to PSAA; and
- visitors to our website.
The information we collect
PSAA is responsible for appointing external auditors to principal local government bodies. From 1 April 2018 this responsibility relates to the bodies that are opted-in bodies under the provisions of the Local Audit and Accountability Act 2014. Except for the financial and human resources information we require to run our company, the personal information we collect relates to our auditor appointment duty.
Individuals at audited bodies to which PSAA appoints the auditor
PSAA is required under the Local Audit (Appointing Person) Regulations 2015 (the Regulations) to appoint an auditor to all opted-in authorities, to oversee the independence of any auditor it has appointed, and to monitor compliance of auditors against the contractual obligations of PSAA’s audit contracts. The Regulations require PSAA to maintain and publish on its website a record of the principal authorities that are opted-in authorities.
Under the transitional auditor appointment arrangements made by the Secretary of State for Housing, Communities and Local Government, PSAA is required to appoint an auditor for all principal local government and police body types listed in schedule 2 of the Local Audit and Accountability Act 2014.
To support these requirements, PSAA records the name and contact details for the chief executive and chief finance officer of each authority, and requires the audit firm it appoints as the auditor to update the details on a at least a quarterly basis. Names and contact details are retained for a period of up to five years for opted-in bodies, subject to the length of the appointing period as defined in the opt-in invitation process. For bodies that have not opted in, PSAA collects contact details from publically available sources to discharge its communication responsibilities as set out in the Regulations, and updates these details annually, without retaining outdated records. Details are not shared outside PSAA or the appointed audit firm.
Individuals at PSAA’s other stakeholders
PSAA’s duties require it to communicate with or consult a variety of national stakeholders. For example, the duty to specify a scale of fees requires PSAA to consult representative associations of principal authorities and bodies of accountants. PSAA therefore records the name and contact details for relevant individuals at key stakeholder organisations. Details are updated annually and outdated records are not retained. Details are not shared outside PSAA.
Individuals who are chairs of audit committees
PSAA considers that its role as an appointing person carries an obligation to share knowledge and practice in relation to the aspects of local audit for which it is responsible. We therefore maintain a record of the names and contact details of the audit committee chair for all relevant authorities per schedule 2 of the Local Audit and Accountability Act 2014. We use these contact details to inform individuals of events and resources that may be helpful to them in their role. Details are updated periodically and outdated records are not retained. Details are not shared outside PSAA.
Partners and employees of audit firms
PSAA lets contracts with audit firms to audit the accounts of bodies that have opted into the national appointing person auditor appointment scheme. Details of the firms with contracts for the current appointing period are available on the procurement outcome page of our website. PSAA maintains records of the name and contact details of the contact partner for each firm, and of the engagement lead and audit manager allocated by the firm for the opted-in bodies to which it is appointed by PSAA. The name and contact details for each engagement lead and audit manager for each opted-in body are published in a directory of auditor appointments on our website.
Details are updated by firms where needed on a quarterly basis and retained by PSAA for a period of twelve years, to discharge the responsibility to make an independent appointment.
Suppliers of goods and services to PSAA
PSAA maintains records of its suppliers of goods and services, including names and contact details of individuals where needed to support contract and payment management. Details are retained for a period of six years after the financial year to which the details relate.
Reflecting its role in managing and safeguarding public money in the form of fees charged to audited bodies, PSAA follows the principles of the Local Government Transparency Code, publishing its spending data on its website. This may include the names of individuals.
Job applicants, current and former employees, prospective, current and former Board and audit committee members
PSAA is the data controller for the information you provide, unless otherwise stated.
The information you provide will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements relating to your employment. We will only share information with third parties where this is required to fulfil our legal or regulatory requirements. The information you provide will be held securely by us and our data processors whether the information is in electronic or physical format. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
If your application is successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment. If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.
Members of the public making enquiries or complaints
When we receive an enquiry or complaint we use the personal information provided to respond to the enquirer or complainant. For complaints, we usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaints for a period of two years from our response to the complaint.
Visitors to our website
We use a third party service, WordPress.com, to publish our website www.psaa.co.uk. The website is hosted at WordPress.com and managed by Helpful Technology. We use the Google Analytics service to collect standard internet log information. This information is only processed in a way which does not identify anyone, and is used for analysis of visitor patterns. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Further information about our website is available on the legal page of the site, and on our use of Google Analytics and internet cookies on the cookies page of our website.
Attendees at our events
We use a third party to manage event bookings, but they are only allowed to use information to manage the event booking process. We use the information we hold about the groups of individuals listed above, who may have an interest in our events, in order to provide a service. We only use these details for the purposes of event management and for other closely related purposes. For example, we might use information about people who have attended an event to carry out a survey to find out if they are happy with the quality of the event they received.
The name, job title and organisation of event attendees will be included in the event documentation that is made available to everyone attending the event.
If you do not want us to collect, use or transfer your personal information in this way then you should (depending on what it is you object to) contact firstname.lastname@example.org and ask for your information to be deleted.
Contacting us by email
Any email sent to PSAA, including any attachments, may be monitored by us for reasons of security. Email monitoring or blocking software may be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
Links to other websites
This privacy notice does not cover the links within this site to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 15 March 2018.
How to contact us