Privacy Notice - Corporate Procurement
- In providing us with your personal information you hereby acknowledge that Neath Port Talbot County Borough Council (the Council) is the Data Controller for all the personal information you provide on this form (for the purpose of the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018 (DPA)).
- This privacy notice specific to the collection and processing of personal data by the Corporate Procurement Unit within the Council. The data will be used pursuant to the Council carrying out its various statutory and business functions as part of a public procurement exercise, in order to evaluate proposals received for the provision of any Goods, Works or Services to the Council.
- As part of a procurement exercise, the data will be used for the following purposes in response to a call for quotation/tender, including and referring to: any selection, exclusion and award criteria set out in contract notices, the Invitation to Tender (ITT) documents or Invitation to Quote (ITQ) documents; in award of contract to the tenderer who meets minimum standards required, and submits the most economically advantageous quotation/tender in terms of quality/price evaluation; correspondence with economic operators, via tender message facility and internal evaluation panel deliberations; preparation of procurement strategy documents, negotiation or award of any contract; approval of Council reports and publication of contract award notices.
- Examples of personal data included in the above named processes may include:
Contact details as provided by tenderers, their staff, contractors or sub-contractors such as their name, address, telephone number, email address, and qualifications and work experience, as may be contained within resumes or CVs and related documents of this type.
- We may share your personal data securely within the Council for example:
staff appointed to the evaluation panel of a procurement exercise, financial and legal staff of the Council, Health and Safety and Sustainability officers, with Authorised Officers and/or Members of the Council.
- We may share your personal data securely with the following third parties (i.e. persons/bodies/entities outside the Council) in accordance with data sharing arrangements which we have in place with those third parties: Other tenderers who have been unsuccessful as part of a debrief, as required by the EU Public Contracts Directive, the Public Contracts Regulations 2015; external advisors or consultants advising on tender processes; other Local Authorities or bodies where the Council is undertaking procurements on their behalf; bodies charged with a monitoring or inspection task in application of EU/UK law (e.g. Welsh Audit Office or internal audits, Welsh Government, Cabinet Office)
- As a Data Controller the Council is required under GDPR to inform you which of the Article 6 GDPR “Data Processing Conditions” it is relying upon to lawfully process your personal data. In this respect please be advised that in regards to the data provided by you we are relying on the following two Article 6 conditions;
- “The data processing is necessary for compliance with a legal obligation to which the controller is subject”. (Article 6(c) GDPR).
- “The data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.” (Article 6(e) GDPR).
- The personal information collected from you on this form will be held by the Council for a period of 6 years from the completion of a Procurement process, and 6 years following the duration of a contract, or 12 years following the duration of any contract executed under seal.
- We would inform you that under Article 21 GDPR you have the right at any time to object to the Authority about the fact that we are processing your personal data for the purposes of carrying out a public task or exercising our official authority.
- The Council will not transfer any of your personal data outside of the European Union. All processing of your personal data by us will be carried out in the United Kingdom or other European Union countries.
- The Council will not use your personal data for the purposes of automated decision making.
- Please be advised that under GDPR individuals are given the following rights in regards to their personal data:
- The right of access to their personal data held by a data controller.
- The right to have inaccurate data corrected by a data controller.
- The right to have their data erased (in certain limited circumstances).
- The right to restrict the processing of their data by a data controller (in certain limited circumstances).
- The right to object to their data being used for direct marketing.
- The right to data portability (i.e. electronic transfer of data to another data controller).
Further information on all the above rights may be obtained from the Information Commissioner’s website.
11. In the event that you have any queries regarding our use of your personal data, you wish to have access to the same or you wish to make any complaint regarding the processing of your personal data, please contact the Council’s Data Protection Officer at the Directorate of Finance & Corporate Services, Civic Centre, Port Talbot, SA13 1PJ.
12. Please be advised that in the event that you make a request or a complaint to the Council’s Data Protection Officer (see 11 above) and you are dissatisfied with the Council’s response you are entitled to complain directly to the Information Commissioner’s Office. Details of the Commissioner’s Office contact details and further information on your rights may be obtained from the Commissioner’s website.