Privacy notice – procurement

North Somerset Council is registered with the Information Commissioner’s Office for the purposes of processing personal data.  The information you provide will form part of our procurement file, and will be held and used in accordance with the requirements of UK and European data protection law.  For successful tenders, the approved supplier information will remain on our systems until they are superseded.  Pre-qualification questionnaires and information relating to successful tenders will be held for one year from the contract award. Unsuccessful tender information will be held for six months following contract award.

Unless otherwise agreed with you, we will only collect the minimum personal data required to deliver the service, which includes your business name, contact details and financial information for making payments.  It does not include any special category personal information, or information relating to criminal convictions or offences.

The information will be used for the administration of the procurement process; our statutory duty under the Public Contracts Regulations 2015.  We rely on this requirement to carry out the procurement exercise in the public interest, in accordance with Article 6(1)(e) of GDPR.

We will not use your personal information in a way that may cause you unwarranted nuisance.  Failure to provide the information result in us being unable to contact you and therefore progress your procurement application.

If successful, the information provided will be shared with the service area for whom the procurement exercise has been carried out, and our finance team, in order for them to make payment to you.  The information will also be shared with our Legal team, in order for them to draw up the final contract.  At no point is your data shared or processed outside of the UK.

Procurement exercise information is subject to requests for information under the Freedom of Information Act 2000.  If we consider that documents to be released in response to a request contains your personal data, we will contact you prior to disclosure to ask your permission.  If we are unable to contact you within the statutory timeframe afforded to Freedom of Information requests, or you do not wish for us to release your personal data, we will redact this information from a response.

We may lawfully disclose information to public sector agencies to prevent or detect fraud or other crime, or to support the national fraud initiatives and protect public funds under the Local Audit and Accountability Act 2014.  Under the conditions of the Digital Economy Act 2017, we may also share personal data provided to us with other public authorities as defined in the Act, for the purposes of fraud or crime detection or prevention, to recover monies owed to us, to improve public service delivery, or for statistical research.  We do not share the information with other organisations for commercial purposes.

You have the right to see the personal data we process about you, as well as the right of rectification and restriction to destruction of records in some circumstances.

If you have any questions or concerns about the way we process your personal data, contact our Data Protection Officer at