Procurement - Privacy Notice


  • Name of service - Procurement
  • Directorate - Customers, Digital and Transformation
  • Date of issue - 12 July 2018
  • Date of current version - 3 June 2021
  • Review date - 3 June 2024


The reasons why we use your personal data

Purpose / function of the service

The Procurement Service is responsible for procurement strategy and policy, procurement efficiency, innovation, improvement and the delivery of procurement projects with suppliers and providers to secure wider social, economic and environmental benefits for the Council and residents.

The Service also acts as the centre of expertise for procurement advice and best practice within the Council, and undertakes research and analysis of relevant markets.

What processing of personal data is undertaken by the specific teams or services

Your personal data is collated for the purposes of tendering for new contracts and to inform plans for commercial negotiations with suppliers, in order to carry out our statutory responsibilities under Public Procurement Regulations 2015 and in compliance with our Procurement Standing Orders, which form part of the Council's constitution.

In addition, we collect your personal data for the following:

  • Service improvement and planning
  • Prevention and detection of crime/fraud
  • Research
  • Statistical analysis and reporting

What information do we collect?

  • Name
  • Address
  • Contact details for suppliers or other third parties

How we are allowed to use your personal data

We have a Legal obligation or public task under various UK legislation including but not limited to:

  • Local Government Act
  • Public Contracts Regulations 2015
  • Localism Act 2011
  • Public Services (Social Value) Act 2012
  • Bribery Act 2010

Who we share your personal data with

We operate as a service in the Orbis Partnership between Surrey County Council, East Sussex County Council, and Brighton and Hove City Council. To drive efficiency, we share data as Procurement colleagues on a pooled basis, as well as with other Orbis services (IT, Audit). We also share data with other public sector bodies such as Clinical Commissioning Groups, other local government etc, when tendering contracts jointly.

Automated decision making (when computers make any decisions about you)

Not applicable.

Personal data being sent or processed outside of the UK and EU

In order to provide efficient and value for money services, we use third parties located in other countries to help us run our functions and in this case we process your personal data outside of the UK/EU (state country/countries). As this includes countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data, we have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

Retention of data

Data will be retained for 3 years or in accordance with Procurement Standing Orders, which set out the retention periods for signed or sealed contracts. These are available on the Council website as part of the constitution.

Other information

For further information on our privacy notices, please see information and privacy.

Did you find this information helpful?

Subscribe to our newsletters for latest news and events.