Commissioning, Contracts and Procurement - Privacy Notice

This Privacy Notice is designed to help you understand how and why The Commissioning, Contracts and Procurement Team at Selby District Council processes your personal data. This notice should be read in conjunction with the Council’s Corporate Privacy Notice.

Who are we?

Selby District Council is a ‘Data Controller’ as defined by Article 4(7) of the UK General Data Protection Regulation (UK GDPR).

The Commissioning, Contracts and Procurement Team are responsible for the commissioning and procurement of goods and services on behalf of the Council.

The Council has appointed Veritau Ltd to be its Data Protection Officer. Their contact details are: Data Protection Officer, Veritau, West Offices, Station Rise, York, YO1 6GA,, telephone 01904 552848.

What personal information do we collect?

In relation to procurement, the Council will collect business/financial information about companies that have submitted bids for tender to the Council or for ongoing contract management with the supplier. However, as part of this exercise, personal information may be collected from business representatives of sole traders. Therefore, we may collect the following categories of personal data:

  • Personal identifiers relating to Contact details of bidders, their staff or sub-contractors such as their name, address, telephone number and email addresses.
  • Business information (company registration, insurance details, health and safety records etc.)
  • Financial information ( Bank account details, credit checks, tax information, financial turnover/accounts)
  • Details of any professional misconduct and Criminal Activity/Criminal Record (as applicable)
  • TUPE data (as applicable)
  • Any other information gathered from other documents required in the ITT or ITQ documentation

Why do we collect your personal information?

Personal information from suppliers may be used by the Council as part of tender evaluation criteria, required as general supporting information for a tender or as part of the ongoing management of a contract that has been awarded.

We need to collect personal data to help us communicate with you as part of the procurement process. We may also need to collect personal data to enable us to perform background checks (such as credit checks) on the bidding organisation, which are necessary as part of the procurement process.

The personal data you provide to us as part of the procurement process is necessary to ensure that the Council is able to undertake the required due diligence processes for bidding organisations.

Who do we obtain your information from?

We do not collect any information from third parties, your information will be collected directly from you or provided by your organisation on your behalf. 

Who do we share this information with?

During the procurement exercise, we may share information with the following external agencies:

  • North Yorkshire County Council (for admiration the Council’s Legal and Financial functions)

Some information will also be published on the Council’s Contract Register at  as required by the EU Public Contracts Directive, the Public Contracts Regulations 2015 and the Transparency Code 2015. This is a publicly available register.

How long do we keep your information for?

Data relating to unsuccessful bids will be retained for up to one year. 

Data from successful bids will be retained until the end of the life of the contract.

What is our lawful basis for processing your information?

When processing personal information, the Council will rely on the following lawful basis:

UK GDPR Article 6 (1) (b) – processing is necessary for the performance of a contract

UK GDPR Article 6 (1) (c) – processing is necessary for compliance with a legal obligation to which the controller is subject

The Council holds the information to fulfil the Council's statutory S151 responsibilities, to ensure the appropriate financial arrangements are in place, to manage the Council's affairs and obtain value for money from tenders and contracts. The legislations and regulations which underpin this service are as follows:

  • Local Government Act 1972
  • Public Contracts Regulations 2015
  • Transparency Code 2015
  • EU Contracts Directive

For more information about how the Council uses your data, including your privacy rights and the complaints process, please see our Corporate Privacy Notice.