Transparency data

Data Usage Agreement: Non-Domestic Alternative Fuel Payment

Published 26 February 2024

© Crown copyright 2024

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/non-domestic-alternative-fuel-payment-2023/data-usage-agreement-non-domestic-alternative-fuel-payment

1. Conditions of disclosure by HMRC

HMRC disclose this information to Business, Energy and Industrial Strategy (BEIS) by virtue of the legal basis of section 56 of the Digital Economy Act (DEA).  Section 56 enables the disclosure of HMRC data from the Registered Dealers in Controlled Oil (RDCO) returns as it would be in line with the statutory purpose of the taking of action in connection with fraud against a public authority for the purposes of supporting the administration of the Non-Domestic Alternative Fuel Payment (NDAFP) scheme, therefore reducing the risk of fraudulent claims on the condition that BEIS undertake to:

  • complete a Data Protection Impact Assessment 
  • adhere to the DEA Code of Practice and complete all relevant documentation and have ministerial approval 
  • adhere to this Data Usage Agreement

BEIS is using delivery partners (XMA1 and Arvato) to support their administration of the NDAFPBEIS and HMRC are content these delivery partners fall within the scope of schedule 8 paragraph 41  of the DEA as those delivery partners are providing services to BEIS in connection with preventing fraud against a public authority (BEIS).  

A Data Protection Impact Assessment is required prior to the exchange proceeding.

DPIA reference number: 10098  Date of DPIA: 26 January 2023

1.1 Purpose

The NDAFP scheme has been developed by BEIS to support non-domestic alternative fuel users not covered by the energy bill relief scheme to ensure that they are appropriately supported. 

The purpose of this RDCO data share is to enable BEIS to reduce the risk of fraudulent applications for the NDAFP.   

HMRC data is necessary for BEIS and its delivery partners to help prevent and detect potential fraud during the application process, as it is the only data held by government that can be used to check heating oil (kerosene) purchases. 

Kerosene is the fuel that government is supporting under the top-up payment portion of the NDAFP

HMRC data will also be used by BEIS alongside additional information during the challenge process of applications to the NDAFP to ensure fraudulent challenges to decisions are identified.

HMRC is content that RDCO data it holds and discloses to BEIS and its delivery partners under this Data Usage Agreement (DUA) supports the stated purpose of BEIS administering the NDAFP scheme.

1.2 Data specification

HMRC compiles returns from RDCO, which lists kerosene purchases from registered dealers taking place across the UK. This data is owned by HMRC.

The information contained on the returns relates to the customer who has purchased the kerosene including:

  • return period of purchase customer VAT number where present
  • customer name
  • postcode of delivery address
  • method of supply delivered or collected
  • volume of kerosene purchased
  • intended use code

The full RDCO datasets in respect of kerosene supplies for the financial year 2021 to 2022 and April 2022 to December 2022 (or up to latest month available if December 2022 data is not available) are required for BEIS to carry out fraud prevention activities when administering the NDAFP scheme. 

HMRC will provide BEIS with the full RDCO dataset for purchases over any 12 consecutive month periods between April 2021 and December 2022.  

BEIS and HMRC previously discussed the possibility of HMRC refining the dataset before sharing (for example, deleting entries for postcodes where less than 10,000 litres would have been recorded over 12 months) to balance the risk of sending a dataset that is larger than necessary.

HMRC have confirmed that there is no way to strip out data accurately and quickly as this would risk deleting entries for eligible organisations due to spelling or typing errors and inconsistencies in how the data has been recorded.

Data item requested BEIS usage
Return period the purchase was made in Arvato will be able to match this information to the date on the invoice, as a cross check for authenticity. This will be needed to ensure evidence submitted covers purchases of kerosene within a consecutive 12 month period.
Date of receipt This date is the date the return (HO5) was received into HMRC it will provide a reasonable assurance of the period the return has been filed for date of receipt April 2022. This would normally refer to the March reporting period for the data.
Supplier number This will provide a necessary additional layer of scrutiny to verify invoice authenticity. For instance, the number of different supplier codes associated with one applicant in the RDCO data should match the number of different suppliers in the invoice set.
VAT number where available This will be a key piece of information to conduct an automated check against in order to match relevant purchase records. Arvato will need this information to confirm the record pertains to the applicant.
Postcode of delivery address This will be a key piece of information to conduct the automated check against, in order to match kerosene usage against an address. Arvato will need this information to confirm the record pertains to the address the applicant is applying for.
Indicator for method of purchase Where the address in the application does not return an automated match for address in the RDCO dataset, this indicator can provide an explanation in confirming kerosene was collected rather than delivered.
Volume in litres This is the key information Arvato will use to verify that the volumes submitted by the applicant in their invoices match and the claim volume is correct.
Use code This provides an additional layer of verification if checks on whether a building is non-domestic are inconclusive. The use code will indicate whether the usage is non-domestic.

HMRC’s RDCO data items will allow detection of applications that are:  

  • using invented organisations  
  • fraudulently pretending to use kerosene  
  • exaggerating their kerosene consumption
  • fraudulently presenting the consumption of several properties as the consumption of one property in order to pass the 10,000 litre threshold. Whereas none of their property would be eligible if they were following the NDAFP scheme rules.

Under section 18(1) of the Commissioners for Revenue and Customs Act (CRCA) 2005, HMRC is bound by a strict duty of confidentiality meaning that HMRC officers may not disclose information HMRC holds for its functions. 

However, HMRC information may be disclosed where one of the statutory exceptions in section 18(2) CRCA 2005 apply or where disclosure is permitted under any other enactment pursuant to section 18(3) CRCA 2005.   

Any person who discloses HMRC information, which identifies a taxpayer without a lawful basis to do so under either section 18(2) or (3) of CRCA 2005, potentially commits a criminal offence of wrongful disclosure pursuant to section 19 CRCA 2005. 

A person found guilty of an offence may receive an unlimited fine, imprisonment of up to two years or both.   

In this particular case, disclosure is permitted by virtue of section 56 of the Digital Economy Act.  Section 56 enables the disclosure of the HMRC data from the Registered Dealers in Controlled Oil (RDCO) returns as it would be in line with the statutory purpose of the taking of action in connection with fraud against a public authority which includes the prevention of fraud.

This is because the information will support the verification process of claims under the NDAFP scheme, therefore reducing the risk of fraudulent claims. 

Under schedule 8 paragraph 41 of the DEA, a person is a specified person if they provide services to a specified person who falls with this part 1 of the schedule and is a public authority and the disclosure is in respect of taking action in connection with fraud against the public sector. 

BEIS will disclose HMRC’s RDCO data to delivery partners which would be contracted to administer the top-up payment portion of the NDAFP on behalf of BEIS and taking action when administering the scheme in connection with fraud.

1.4 Lawful basis for disclosing personal data

The lawful basis for processing (including disclosure by HMRC) of the personal data held within HMRC’s RDCO dataset is article 6(1)(e) of the UK GDPR (public task): processing being necessary for BEIS and its delivery partner to perform a task for its official function in administering the NDAFP scheme.

1.5 Data processor and data controller

Under UK GDPR this will be a data controller to data controller relationship between HMRC and BEIS for the transfer of personal data contained with HMRC’s RDCO dataset. 

HMRC will be the data controller until the RDCO dataset is received by BEISBEIS will then act as data controller. 

Article 24 of the GDPR provides further information on the responsibility of a data controller. 

Where BEIS discloses personal data (as defined under UK GDPR) within the RDCO dataset to their delivery partners, their delivery partners then becomes the data processor on behalf of BEIS.

1.6 Delivery partners

BEIS have confirmed the delivery partners are a person providing service to BEIS for the purpose of taking action in connection with fraud against public authority. 

The HMRC RDCO data will be stored within the UK on a platform provided by Salesforce, the controls for access will be tailored to BEIS’s requirements to ensure that only those with business reason have access. 

BEIS will transfer the RDCO data to Salesforce through BEIS secure digital solution. Arvato will access the HMRC data for applicants through the Salesforce online platform where the data will remain. Arvato will not be able to directly access the whole HMRC data set, only specific data points attached to relevant applications.

1.7 Data security

BEIS will undertake in relation to the information provided to BEIS hereunder to: 

  • move, process and destroy data securely i.e. in line with the principles set out in HM Government security policy framework, issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information

  • only use it for the purposes that it has been disclosed for and ensure that only those with a genuine business need to see the information (linked to the purpose) will have access to it

  • store the data in a secure platform provided by Salesforce with restricted access to members of the team who are directly involved in the data share and only keep it for the time it is needed, and then destroy it securely on agreement of all parties

  • not onwardly disclose HMRC information without the prior consent of HMRC in accordance with section 59 of the Digital Economy Act 

  • HMRC gives consent to BEIS to onwardly disclose HMRC’s RDCO dataset to its delivery partners only for the purpose of preventing and tackling fraud when administering the NDAFP 

  • any person who receives HMRC data from BEIS may not onwardly disclose the data without HMRC’s prior consent in accordance with section 59 of The Digital Economy Act

  • restrict access to the information by applying additional access restrictions to the designated storage point 

  • comply with the requirements in the security policy framework, and be prepared for and respond to security incidents and to report any data losses, wrongful disclosures or breaches of security relating to the information provided to BBFSL hereunder

  • mark information assets with the appropriate security classification and apply the appropriate baseline set of personnel, physical and information security controls that offer an appropriate level of protection against a typical threat profile as set out in Government Security Classifications, and in particular as set out in the Annex – Security Controls Framework to the GSC

1.8 Data retention

This DUA is related to the NDAFP Scheme itself. All NDAFP payments are due to have taken place by the end of April 2023. 

For the purpose of scheme delivery, BEIS will transfer the RDCO dataset to Salesforce through Salesforce data loader solution. The dataset will be kept there until closure of the scheme (expected June 2023) as access will still be needed after closure of the scheme payment window to check mistakes in payments (we expect this phase will happen between May and June 2023). 

The HMRC RDCO dataset will be deleted from Salesforce at the end of June 2023 once the NDAFP scheme has been completed. This retention period is subject to change if the policy to contract for the NDAFP scheme is extended, in which case BEIS will request an extension from HMRC to retain the RDCO dataset. 

For the purposes of evaluation, BEIS will require the retention of the full dataset. A third party body will be contracted to conduct scheme evaluation by May 2023. In May 2023, BEIS will approach HMRC to inform them of the named contractor and request an extension from HMRC to retain the RDCO dataset for evaluation purposes. 

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

For the evaluation of the scheme, data sharing is expected to be required until six months following the end of the evaluation (currently expected by end of 2024). BEIS will confirm this date in May 2023 as part of the request to HMRC following completion of evaluation scoping and the appointment of a third-party contractor.   

On termination, BEIS and its delivery partners will securely destroy the data by permanently deleting the file(s), and will certify, in writing to HMRC using HMRC’s certificate of deletion, that the data has been destroyed to government’s security standards.

1.9 Data processing

BEIS will use the RDCO dataset in the following steps: 

  • HMRC will transfer the RDCO dataset, in csv format, to BEIS via SDES (HMRC’s secure data exchange service)

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

  • BEIS will transfer the RDCO dataset, in csv format, to Salesforce through Salesforce data loader solution

  • the Salesforce platform will conduct automatic checks on applications received to the NDAFP scheme against the RDCO dataset

  • Arvato will access the RDCO dataset, to conduct manual checks to help validate applications to the NDAFP scheme, through the Salesforce case management web portal

  • the RDCO dataset will not be transferred to Arvato and Arvato will not be able to download any of the data

  • Arvato will have access to the entirety of the RDCO dataset stored on Salesforce via lookup functions

Checks Who checks Data storage Fields sent (automated check on Salesforce) Fields returned (to be manually reviewed by Arvato) Pass or fail
check volume of kerosene usage for an organisation on database Arvato and Salesforce Salesforce system organisation name data matched to organisation name covering postcode, volume, return period of purchase advisory: capture if volume is higher or lower than application
check volume of kerosene usage at a postcode on database Arvato and Salesforce Salesforce system postcode data matched to postcode covering organisation name, volume, return period of purchase advisory: capture if volume is higher or lower than application

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

1.10 Freedom of information and subject access requests

HMRC and BEIS are subject to the Freedom of Information Act 2000, and will assist and cooperate with each other, to enable each to comply with its information disclosure obligations. 

Where a freedom of information request is received by a party to this agreement which relates to data that has been provided under this agreement, the party receiving the request will notify the other relevant party to allow them the opportunity to make representation on the potential impact of disclosure.

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

Data subjects are entitled to exercise their data subject rights when their personal data is processed.  Where either party receives a data subject request, the party receiving the request will, where appropriate to do so, notify the other relevant party to allow them the opportunity to make representation on the potential impact of disclosure.

Make a subject access request to HMRC - GOV.UK (www.gov.uk)

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

1.11 Security incidents

In the event that BEIS or its delivery partners become aware of a suspected or actual incident affecting the confidentiality, integrity and availability of the HMRC information in its possession or control, BEIS and/or its delivery partners will report the incident through BEIS’s incident procedure and immediately notify HMRC.  For personal data, BEIS also agrees to work to ICO’s requirements, reporting without undue delay (if it meets the threshold for reporting) and within 72 hours.

1.12 Liabilities

HMRC rely solely on taxpayers to provide accurate and up to date information.  In the event that any HMRC data shared with BEIS through this data sharing agreement contains inaccuracies, BEIS agrees that HMRC will not be held liable for any decisions regarding the administration of the Non-Domestic Alternative Fuel Payment (NDAFP) scheme.

1.13 Disputes

   This content has been withheld because of exemptions in the Freedom of Information Act 2000.  

Back to top