Procurement Service privacy notice

This page provides information on how Norfolk County Council’s procurement service uses personal information about suppliers, their employees and volunteers.  By ‘use’ we mean the various ways it may be processed, including storing and sharing the information.

We also provide further details regarding who we are, how long we use your information for, your rights under the GDPR and how to exercise them in our general privacy notice.  Alternatively, you can ask us for a copy of this information.

Information about companies, charities, public bodies and other organisations (referred to in this notice as “incorporated suppliers”) is not personal information. But:

  • Incorporated suppliers may provide us with personal information about staff and volunteers
  • Sometimes, individual people or unincorporated partnerships (together referred to in this document as “unincorporated suppliers”) bid for or are awarded contracts, and information about their business affairs may be personal information.

When we refer to “suppliers” in this notice, we mean both incorporated suppliers and unincorporated suppliers and we include suppliers who have bid for contracts, whether or not they were successful.

We use this personal information to procure and purchase goods and services for the Council and its service users.  This includes:

  • Administering procurement exercises
  • Evaluating bidder submissions and tenders
  • Permitting audit and legal review of tender processes and contracts
  • Reviewing, managing and enforcing contracts
  • Making and receiving supplier payments
  • Dealing with concerns and complaints
  • Ensuring compliance with the relevant laws, including the Public Contracts Regulations 2015 and the Local Government Transparency Code 2015
  • Considering requests made under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004.

We also use personal information about incumbent suppliers’ workforces to allow tenderers to price for replacement contracts.

The information we hold includes information suppliers have provided to us, directly or via a prime contractor or consortium that has bid for or secured a contract.

We also receive information from:

  • People and organisations that have been nominated as referees by suppliers
  • Other customers of suppliers
  • Our service users who receive services from suppliers, and the people who care for them
  • Enforcers and regulators, including the Care Quality Commission, Ofsted and the Health and Safety Executive
  • Other businesses or employers
  • Trade and/or sector associations
  • Other local authorities and other public bodies
  • Credit reference agencies (in respect of suppliers’ finances)
  • Witnesses, including expert witnesses
  • Consultants and technical specialists
  • Auditors and inspectors

The information we collect and use includes ‘ordinary personal information’ such as your:

  • Name
  • Work contact details and, where provided, emergency out of hours contact details
  • Job/profession and other information about employment history and current employment and details of professional qualifications
  • Photographs, should a supplier provide them (for example, on a CV)
  • Information about suppliers’ financial capacity and solvency
  • Information about payments made to and received from suppliers
  • Information suppliers have provided about breach of the grounds for exclusion set out in regulation 57 of the Public Contracts Regulations 2015
  • Information about complaints and allegations of misconduct made during the course of a procurement exercise or subsequent delivery of a contract
  • Salary, age, pension, length of service and other workforce information needed to enable tenderers to price their bids for replacement contracts when the Transfer of Undertakings (Protection of Employment) Regulations apply

‘Special Category’ information is defined as information concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union activity, genetic data, biometric data, health, sex life and sexual orientation.  Only where it is relevant may we collect and use these types of information, and such information will be collected as part of the procurement or tendering records and information we hold.  In particular, information concerning health may be relevant in the context of equality and disability rights.

Information concerning any criminal convictions is afforded a similar special level of protection, and we may collect and use this information where it is relevant, subject to the same safeguards.

For ‘ordinary personal information’ (that is, all your information which is not special category information), we have legal grounds to process this information because it is necessary for the fulfilment of our legal obligations. This includes under the:

  • Public Contracts Regulations 2015
  • Local Government Transparency Code 2015F

or ‘Special Category’ information, we have legal grounds to process this information where it is in the necessary for reasons in the substantial public interest.  This will include where it is necessary to carry out any of our statutory functions or necessary for protecting individuals at risk.  The law provides safeguards to protect the use of your special category information and any information concerning criminal convictions.

We may share suppliers’ and their employees’ and volunteers’ personal information with:

  • Other departments within the County Council
  • Other organisations that are jointly procuring or managing a contract with us
  • People and organisations that suppliers have nominated as referees
  • People and organisations that suppliers have asked us to provide a reference to
  • Consultants, technical specialists, lawyers, expert witnesses, accountants and similar advisers in respect of bid evaluation, contract management and review, strategy review, performance review, review of complaints and disputes and similar purposes
  • Suppliers’ other customers, and central purchasing bodies, for supplier stability monitoring and performance management purposes
  • Our service users who receive services from suppliers, and the people who care for them, as far as this is necessary to allow service delivery
  • Enforcers and regulators, including the Local Government Ombudsman, the Care Quality Commission, Ofsted, HMRC and the Health and Safety Executive
  • Internal and external auditors and inspectors
  • Professional bodies such as the General Medical Council or the Law Society, in respect of alleged misconduct
  • Debt recovery services, bailiffs and investigators where necessary to recover a debt owed to us.1The Disclosure and Barring Service, Disclosure Scotland and their equivalents in other countries (where a basic disclosure or DBS check is required in respect of a particular role) and agents who submit details to such organisations on our behalf
  • In respect of anonymised workforce information, tenderers and potential tenderers for replacement contracts

We share information without individuals’ specific consent as it is reasonable and necessary to do so to evaluate tender or bid submissions, manage, administer, review or deliver the contract, deal with concerns and complaints, enable tenderers to price their bids, fulfil our public tasks or where it is otherwise in the substantial public interest to do so.  The law imposes safeguards to protect individuals’ privacy in these circumstances.

Where we share workforce information needed to enable tenderers to price their bids for replacement contracts when the Transfer of Undertakings (Protection of Employment) Regulations 1981 apply, that information will not include names or contact details but it may be possible for recipients to deduce which information applies to which employee. Recipients will be made subject to a non-disclosure agreement before workforce information is shared.

Subject to contractual and other legal safeguards, we will share individuals’ information with organisations commissioned to provide services to suppliers, such as electronic tendering systems and payment services.

Information is stored electronically in our tendering and contract management systems.  Additionally, information is securely stored in other mediums, including electronic file stores, email accounts and paper files.

We are required to publish various details of our business dealings on the internet.  We routinely publish:

  • Payments made to suppliers
  • Details of contracts awarded
  • A register of grants and contracts

We may publish, or release under the Freedom of Information Act 2000, actual contracts, deliverables provided under contracts, and information about compliance with contracts and performance under those contracts, whether the supplier is incorporated or unincorporated.

We may score straightforward aspects of tenders and other submissions electronically in accordance with the evaluation criteria stated in the procurement documents but otherwise do not make automated decisions about individuals.

This notice was last updated in September 2018.