Privacy Notice and Data Protection

This privacy notice is to be read in conjunction with the full privacy notice. This privacy notice sets out how the Council’s procurement Find a Tender service (FTS) at the Cabinet Office will use and process your information.

What type of information is collected about you?

Personal data of all users:

• Name
• Email address

Additional personal data from suppliers and their ‘connected people’:

• Address
• Date of birth
• Nationality
• Country of residence
• Associations with legal entities

Sensitive personal data:

• Criminal convictions data of suppliers and possible connected people

We need your information for the following services and functions:

To facilitate the registration process on the FTS digital system, which includes matching GOV.UK One Login users to existing accounts and transferring existing account information..
To ensure compliance with the Procurement Regulations 2024 and other relevant procurement regimes, particularly when a contracting authority participates in a procurement process
To publish procurement notices and related information as required by the Procurement Act 2023 and Procurement Regulations 2024
To facilitate participation in public procurement under the Procurement Act 2023, especially where contracting authorities need suppliers to register and complete their ‘supplier information’

Who your information may be shared with:

Internally: The Council’s Procurement Team and potentially other relevant departments within the Council will have access to your data

The Cabinet Office: As the provider of the FTS, the Cabinet Office has access to your data.

Contracting authorities: If you are a supplier, any contracting authority with whom you have shared your data to participate in public procurement will have access to your data. This includes the data of any connected people you have input into the service. This data may be shared with the contracting authority’s chosen e-sender.

Suppliers of the Find a Tender Service (FTS):

• Cloud hosting provider (Amazon Web Services)
• GOV.UK One Login (for identity verification)
• GovNotify (for sending emails)
• Web analytics provider (if you have consented to cookies, such as Google Analytics)
• Reporting dashboard supplier
• Technical support teams

The legal basis for processing your information

The legal basis for processing personal data is UK GDPR Article 6(1)(c), meaning processing is necessary to comply with a legal obligation. This includes the obligation of the Council to use the Find a Tender service (FTS) for the publication of information required by the Procurement Act 2023 and for the collection and facilitation of sharing supplier information as required by the Procurement Regulations 2024.

Processing criminal convictions data is based on the necessity for reasons of substantial public interest for the exercise of a function of the crown, a minister of the crown, or a government department (para 6, schedule 1, Data Protection Act 2018).

The lawful basis for processing analytics data is consent (Article 6 (1)(a) UK GDPR)

How long will we keep your information

Data published on FTS is retained to meet the obligations of the Procurement Act 2023. If a contract is awarded, the data must be published on the platform for the duration of the procurement. Once the contract has ended, the information will be retained for 7 years.

If your account remains unused for 5 years, you will be contacted to determine whether you wish to have your data deleted

International transfers

All personal and sensitive data collected by FTS is shared with Amazon Web Services (AWS) and is stored in the UK.

Data collected by Google Analytics may be transferred outside the European Economic Area (EEA) for processing.

Where data processing occurs in the US, suppliers must meet the certification standards set out in the UK-US data bridge agreement. This facilitates flows of personal data to certified US companies that have opted into the EU-US Data Privacy Framework