- Name of service - Procurement
- Directorate - Customers, Digital and Transformation
- Date of issue - 12 July 2018
- Review date - 11 July 2019
The reasons why we use your personal data
Purpose / function of the service
The Procurement Service is responsible for procurement strategy and policy, procurement efficiency, innovation, improvement and the delivery of procurement projects with suppliers and providers to secure wider social, economic and environmental benefits for the Council and residents.
The Service also acts as the centre of expertise for procurement advice and best practice within the Council, and undertakes research and analysis of relevant markets.
What processing of personal data is undertaken by the specific teams or services
Your personal data is collated for the purposes of tendering for new contracts and to inform plans for commercial negotiations with suppliers, in order to carry out our statutory responsibilities under Public Procurement Regulations 2015 and in compliance with our Procurement Standing Orders, which form part of the Council's constitution.
In addition, we collect your personal data for the following:
- Service improvement and planning
- Prevention and detection of crime/fraud
- Statistical analysis and reporting
What information do we collect?
- Contact details for suppliers or other third parties
How we are allowed to use your personal data
We have a Legal obligation or public task under various UK legislation including but not limited to:
- Local Government Act
- Public Contracts Regulations 2015
- Localism Act 2011
- Public Services (Social Value) Act 2012
- Bribery Act 2010
Who we share your personal data with
We operate as a service in the Orbis Partnership between Surrey County Council, East Sussex County Council, and Brighton and Hove City Council. To drive efficiency, we share data as Procurement colleagues on a pooled basis, as well as with other Orbis services (Finance, HR, IT, Audit) and Orbis Public Law. We also share data with other public sector bodies such as Clinical Commissioning Groups, other local government etc, when tendering contracts jointly.
Automated decision making (when computers make any decisions about you)
Personal data being sent or processed outside of the UK and EU
In order to provide efficient and value for money services, we use third parties located in other countries to help us run our functions and in this case we process your personal data outside of the UK/EU (state country/countries). As this includes countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data, we have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
Retention of data
Data will be retained for 3 years or in accordance with Procurement Standing Orders, which set out the retention periods for signed or sealed contracts. These are available on the Council website as part of the constitution.
For further information on our privacy notices, please see information and privacy.