Our procurement process includes a range of activities involved in obtaining and sourcing goods and services, negotiating terms, making purchases etc. As a public contracting authority, we are subject to and must comply with the Public Contracts Regulations 2015 (as amended) and our Contract Standing Orders.
Processing activity – our procurement processes vary depending on our requirements. Generally we:
- identify the goods and services we need
- undertake tendering processes
- undertake quotation processes
- negotiate price and terms
- assess tender and quotations
- award contracts
- contract management
- raise purchase orders
- approve invoices and arrange payments
- maintain records
Information requirements - our processing activities may include:
- your address, telephone number, email address
- site address
- organisation details
- organisation activity
- responses to standard selection questionnaires
- criminal record checks (where applicable)
- sole trader details
- CVs
- contracts
- quotations
- notice of decisions to award
- if awarded a contract, bank/payment details (excluding debit/credit card details)
- certain contracts e.g. NEC4 will require additional information such as ‘defined costs’ which will include contractor employee names, salaries, pension details etc.
Lawful bases - our lawful bases for processing your personal information are:
- UK GDPR Article 6(1)(b) - processing is necessary for the performance of a contract
- UK GDPR Article 6(1)(c) - our legal obligation(s) under the Public Contracts Regulations 2015 (as amended) and the Local Government Transparency Code 2015
How your data is used
We use Pro Contract, an electronic tendering system to issue and receive all of our quotation and tender documents. Your data, which you upload onto Pro Contract may be used to contact you concerning relevant procurements. Each opportunity that is awarded through Pro Contract automatically updates to the Kent Business Portal .with contracts above £25,000 added to the Contracts Register on the Portal.
Your personal data may also be used as evidence that we have conducted a procurement exercise in a compliant and legal manner. We have a duty to perform procurements in a transparent, fair way and therefore we need to be able to evidence that we have done so. This can include keeping standard selection questionnaires, successful and unsuccessful tender/quotation responses (which may include CVs if these are submitted), evaluation spreadsheets and feedback letters.
Where we enter a formal agreement with suppliers/service providers, details of named contacts for members of the supplier/service/provider’s organisation will be held for the purposes of contract management.
Data sharing – Occasionally, it will be necessary for us to share information with third parties, for example, when we are using specialist consultants as part of the procurement process. However, we will not disclose your personal information to third parties for marketing or sales purposes or for any commercial use, and we will not use your personal data in a way, which may cause you harm. Any commercially sensitive information provided to us will not be shared with other suppliers/service providers.
We may share information with the police or other relevant agencies to aid with the detection and prevention of criminal acts. We may also rely on a number of exemptions, which allow us to share information without needing to comply with all the rights and obligations under the Data Protection Act 2018. Please refer to the Kent & Medway Information Agreement for further details on our sharing arrangements.
Where we detect suspicious behaviours of fraud and/or crime across our functions, we may receive from and share information with HMRC (Customer Compliance Group – RIS Intelligence, Volume Intelligence, Intelligence Exchange).
We will publish payments made to you under the contract, in accordance with our obligations under the Transparency in Local Government - Local Government Transparency Code 2015.
Retention period - we keep your personal information in accordance with regs. 83 and 84 of the Public Contract Regulations 2015 (as amended) and in accordance with our Information Asset Registers, i.e. six years or twelve years if the contract is under seal, after the last action unless exceptional circumstances require longer retention e.g. a pending legal proceedings. All information will be held securely and disposed of confidentially.
Anonymisation- your personal information may be converted ('anonymised') into statistical or aggregated data in such a way that ensures that you cannot be identified from it. Aggregated data cannot, by definition, be linked back to you as an individual and may be used to conduct research and analysis, including the preparation of statistics for use in our reports.
Changes to this Privacy Notice – we review this Privacy Notice regularly and will place updates on our website.
Please refer to our Corporate Privacy Notice for further details of how we process your personal information and your rights.
Note that we may process your personal information on more than one lawful basis depending on the specific purpose for which we are using your information