European Single Procurement Document privacy notice

First published

27 Aug 2024

Last updated

27 Aug 2024

European Single Procurement Document privacy notice

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

Who do I contact about my personal information?

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

Why does the Council process personal information?

As part of the Procurement process, representatives from potential suppliers bidding for Council contracts are required to provide personal information, via the European Single Procurement Document (ESPD) or supplier questionnaire.

The ESPD is a Scottish Government document required for Procurement exercises undertaken under the Public Contracts (Scotland) Regulations 2015.

By gathering this information we are seeking background information about the bidder.

The type of personal information we collect

The data is about the persons “empowered to represent the bidder for the purposes of the procurement procedure” for which the company is bidding.

Personal Data

  • Full Name
  • Date of Birth
  • Place of Birth
  • Home and Business Address
  • CV Information (professional experience and qualifications)

Data relating to criminal convictions and offences may be processed for specific tender categories, for example a Police Scotland Serious & Organized Crime (SOC) Protocol Review is required.

What makes it lawful for the Council to process this personal information?

We process this personal data to comply with our statutory obligations.

Where does the Council obtain personal information from?

The personal data is provided by the supplier who is bidding for a Council contract. Data is received direct from the supplier.

Where does the Council keep personal information?

The data is kept electronically on the council network.

How long does the Council keep personal information?

Tender evaluation, negotiation and notification records - Unsuccessful tenders:

Destroy 1 year after Award of Contract. Records relating to second and third choice contractors may be kept throughout contract to avoid re-tendering if successful contractor withdraws service.

Tender evaluation, negotiation and notification records - Successful tenders:

Destroy 5 years after end of Contract.

Who does the Council share personal information with?

The Council shares personal data Police Scotland if required as part of the tender classification process as part of the Criminal Justice and Licensing (Scotland) Act 2010.

Your rights

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

Access to your information

You have the right to request a copy of the personal information that we hold about you. This is known as a subject access request and is free of charge.  We must respond within one month, although this can be extended to three months if the information is complex.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards.

Deleting your information

You have the right to ask us to delete personal information about you where:

  • you think that we no longer need to hold the information for the purposes for which it was originally obtained
  • we are using that information with your consent and you have withdrawn your consent - see the 'withdrawing consent to using your information' section below.  Please note that in general we do not rely on consent as the legal basis for processing your personal information
  • you have a genuine objection to our use of your personal information - see 'objecting to how we may use your information' below
  • our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to tell us to stop using your personal information for direct marketing purposes, profiling or research purposes. 

Restricting how we may use your information 

In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. 

This right might also apply if we no longer have a basis for using your personal information - but you don't want us to delete the data.  Where this right is realistically applied will mean that we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent to use your information

Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Your request to transfer your data

If we are processing your personal information with your consent or as part of a contract with you, and it is held in an accessible and machine-readable format, you have a right to ask us to transmit it to another organisation. This is known as the right to data portability.

Our profiling or automated decision-making processes

We make some use of automated decision-making processes but very little use of profiling.  Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated decision-making.

Complaints and comments

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.

Contents