This page provides information on how Norfolk County Council’s procurement service uses personal information about suppliers, their employees and volunteers. By ‘use’ we mean the various ways it may be processed, including storing and sharing the information.
We also provide further details regarding who we are, how long we use your information for, your rights under the GDPR and how to exercise them in our general privacy notice. Alternatively, you can ask us for a copy of this information.
Information about companies, charities, public bodies and other organisations (referred to in this notice as “incorporated suppliers”) is not personal information. But:
When we refer to “suppliers” in this notice, we mean both incorporated suppliers and unincorporated suppliers and we include suppliers who have bid for contracts, whether or not they were successful.
We use this personal information to procure and purchase goods and services for the Council and its service users. This includes:
We also use personal information about incumbent suppliers’ workforces to allow tenderers to price for replacement contracts.
The information we hold includes information suppliers have provided to us, directly or via a prime contractor or consortium that has bid for or secured a contract.
We also receive information from:
The information we collect and use includes ‘ordinary personal information’ such as your:
‘Special Category’ information is defined as information concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union activity, genetic data, biometric data, health, sex life and sexual orientation. Only where it is relevant may we collect and use these types of information, and such information will be collected as part of the procurement or tendering records and information we hold. In particular, information concerning health may be relevant in the context of equality and disability rights.
Information concerning any criminal convictions is afforded a similar special level of protection, and we may collect and use this information where it is relevant, subject to the same safeguards.
For ‘ordinary personal information’ (that is, all your information which is not special category information), we have legal grounds to process this information because it is necessary for the fulfilment of our legal obligations. This includes under the:
or ‘Special Category’ information, we have legal grounds to process this information where it is in the necessary for reasons in the substantial public interest. This will include where it is necessary to carry out any of our statutory functions or necessary for protecting individuals at risk. The law provides safeguards to protect the use of your special category information and any information concerning criminal convictions.
We may share suppliers’ and their employees’ and volunteers’ personal information with:
We share information without individuals’ specific consent as it is reasonable and necessary to do so to evaluate tender or bid submissions, manage, administer, review or deliver the contract, deal with concerns and complaints, enable tenderers to price their bids, fulfil our public tasks or where it is otherwise in the substantial public interest to do so. The law imposes safeguards to protect individuals’ privacy in these circumstances.
Where we share workforce information needed to enable tenderers to price their bids for replacement contracts when the Transfer of Undertakings (Protection of Employment) Regulations 1981 apply, that information will not include names or contact details but it may be possible for recipients to deduce which information applies to which employee. Recipients will be made subject to a non-disclosure agreement before workforce information is shared.
Subject to contractual and other legal safeguards, we will share individuals’ information with organisations commissioned to provide services to suppliers, such as electronic tendering systems and payment services.
Information is stored electronically in our tendering and contract management systems. Additionally, information is securely stored in other mediums, including electronic file stores, email accounts and paper files.
We are required to publish various details of our business dealings on the internet. We routinely publish:
We may publish, or release under the Freedom of Information Act 2000, actual contracts, deliverables provided under contracts, and information about compliance with contracts and performance under those contracts, whether the supplier is incorporated or unincorporated.
We may score straightforward aspects of tenders and other submissions electronically in accordance with the evaluation criteria stated in the procurement documents but otherwise do not make automated decisions about individuals.
This notice was last updated in September 2018.