Notice

DESNZ use of the Single Network Analytics Platform (SNAP): privacy notice

Published 2 July 2025

This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).

The Cabinet Office’s Public Sector Fraud Authority (PSFA) has built and deployed a Single Network Analytics Platform (SNAP) hosted on the secure cross-government cloud to prevent and detect fraud and economic crime in the public and UK’s financial services sector. As part of the project, there is a requirement to understand how UK-registered companies are linked using entity resolution and network analytics. These analytical processes are reliant upon Companies House data – which use your personal data (the non-public Companies House information) to help improve the accuracy of the entity resolution model.

In cases where DESNZ/ICS uses SNAP to risk assess organisations, DESNZ/ICS and the Cabinet Office are joint controllers. For further information about how your data is processed on SNAP please see the SNAP Privacy Notice

The use of this platform enables DESNZ to understand accurately the relationship between companies, company officers and persons with significant control for UK-registered companies (past and present). 

The data will be used for entity resolution, network analysis and to create detection models to identify potential fraud involving limited companies.

We are required under data protection law to notify you of the information contained in this privacy notice.

1. Your data

We will process the following personal data:

Full names, company names, director names, addresses, DOB and usual residential addresses of company officers and persons with significant control

The following personal data will be processed from SNAP:

  • companies House register (including the full names, DOBs and usual residential addresses of company officers and persons with significant control)
  • companies House payments data for statutory fees
  • the UK Sanctions List from the Foreign, Commonwealth & Development Office (FCDO)
  • US Sanctions List from the US Department of the Treasury (OFAC)
  • World Bank Listing of Ineligible Firms and Individuals
  • Offshore Leaks Database from the International Consortium of Investigative Journalists (ICIJ)
  • Financial Services Register of firms, individuals and other bodies that are Prudential Regulation Authority (PRA) and/or Financial Conduct Authority (FCA) authorised
  • serious and organised crime flags from the National Crime Agency relating to UK Registered Companies, company officers and persons with significant control
  • insolvency notices from The Gazette relating to UK-registered companies, company officers and persons with significant control

2. Purpose

The purpose(s) for which we are processing your personal data is:

We use your personal data to identify legal entities such as companies that pose a high risk of public sector fraud.

We do this to support the government’s plan to combat fraud and economic crime as stated in the Economic Crime Plan 2.0. Under action 35 “Review and improve data sharing to support the response to public sector fraud”, a key objective to disrupt fraud and economic crime is to improve the flow of intelligence between public and private organisations. This function is consistent with the PSFA’s Mandate and wider governmental objectives under government standard 013 and fraud prevention.

The legal basis for data processing is UK GDPR 6.1(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case it is for the purpose of assisting in the prevention and detection of fraud against the public sector and the provision of economic crime data partnerships (per the government’s Economic Crime Plan 2.0).

Our use of this data is authorised by Schedule 9 to the Local Audit and Accountability Act 2014, and we have had regard to the Code of Practice on Data Matching

The legal basis relied on for the processing of personal data and criminal convictions data is, as well as Article 6(1)(e) as mentioned above, paragraph 6 of Schedule 1 to the Data Protection Act 2018: the processing is necessary for the exercise of a function of a Minister of the Crown and a government department and is necessary for reasons of substantial public interest (namely the prevention and detection of fraud against the public sector).

4. Recipients

Your personal data will be shared by us with other government bodies (SNAP users), which will include UK government departments, Executive Agencies and Arm’s Length Bodies, and regulated UK banks participating in counter fraud data pilots with the Cabinet Office.

As your personal data will be stored on Cabinet Office  IT infrastructure it will also be shared with our data processors Microsoft and Amazon Web Services.

5. Retention

Your personal data will be kept by us for a period of up to 5 years, or for as long as required by law, or for the duration of any active investigation.

6. Automated decision making

We will not be making automated decisions leading to legal or significant effects for individuals. All information drawn from SNAP will be considered by authorised individuals (human agents).

7. International transfers

As part of our IT infrastructure, your personal data will be stored on systems provided by our data processors - Microsoft and Amazon Web Services. This does not mean we actively share your personal data with these entities; rather, they are technical service providers who host infrastructure supporting our IT systems.

8. Your rights

You have the right to request information about how your personal data are processed, and to request a copy of that personal data.

You have the right to request that any inaccuracies in your personal data are rectified without delay.

You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.

You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.

You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.

You have the right to object to the processing of your personal data where it is processed for direct marketing purposes.

To exercise your rights please contact the Data Protection Officer using the contact details below.

9. Contact details

The lead data controller for SNAP is the Cabinet Office. In cases where DESNZ uses SNAP to risk organisations they are joint controllers with the Cabinet Office. In such cases the Cabinet Office is the lead data controller and information rights requests should be directed to the Cabinet Office in the first instance.  Please see the Cabinet Office SNAP Privacy Notice for details. 

DESNZ is Data Controller for data it processes for its purposes. 

Contact the DESNZ DPO:

DESNZ Data Protection Officer
Department for Energy Security and Net Zero
3-8 Whitehall Place
London
SW1A 2EG

If you are unhappy with the way we have handled your personal data, please write to the Departments Data Protection Officer in the first instance using the contact details above.

10. Complaints

If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator. 

Contact the Information Commissioner's Office (ICO):

Email icocasework@ico.org.uk

Contact form https://ico.org.uk/mak...

Telephone 0303 123 1113

Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.

11. Updates to this notice

If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The ‘last updated’ date at the bottom of this page will also change.

If these changes affect how your personal data is processed, we will take reasonable steps to let you know.

Last updated: 2 July 2025