Privacy notice: Selling to the Council

Contents

  1. Introduction
  2. What type of personal information do we collect?
  3. How do we collect your personal information?
  4. Why do we collect your personal information?
  5. Who might we share your personal information with?
  6. How long will we keep your personal information?
  7. What is our legal basis for using your personal information?
  8. How do we keep your personal information secure?
  9. Is your personal information used overseas?
  10. What are you rights?
  11. Contact us

1. Introduction

South Tyneside Council is a registered data controller in relation to the data it holds regarding individuals or suppliers to whom the Council purchases goods or makes a financial payment, i.e. support payments, grant funding, sundry and/or trade creditor payments.

This statement explains how we use the personal information that we collect from you during the payment, purchasing or contract management process. South Tyneside Council takes your privacy and the security of your information that you provide us with, very seriously.

Throughout this notice, 'we' and 'our' refers to South Tyneside Council; 'you' refers to you as the individual or business receiving payment or engaging in purchase contracts with South Tyneside.

This Notice was last reviewed in October 2024.

2. What type of personal information do we collect?

We may collect the following types of information:

  • Name
  • Address
  • Telephone number
  • Email address
  • Bank account information
  • National Insurance Number (if applicable)
  • VAT Registration Number (if applicable)
  • Company Registration Number (if applicable)
  • Business type (if applicable)
  • The names and contact details of anyone you have appointed to act on your behalf
  • Contract details / pricing schedules
  • CIS status

3. How do we collect personal information?

You will normally provide this information to the Council on a voluntary basis, in order to facilitate a payment to yourself or your business.  If you do not provide this information then we may be unable to make a payment to you.  Data can be collected via the following routes:

  • Completion of forms
  • Telephone
  • In writing - for example letter or email
  • Family members, carers or appointees acting on your behalf
  • HMRC
  • Companies House
  • The National Fraud Initiative
  • Credit reference agencies
  • Bank Account verification systems
  • Auditors
  • Other Council departments

4. Why do we collect your personal information?

The above information is needed to create a creditor record within the Councils Financial Management System (FMS), which will be used to generate a payment to you.

We are required to retain this information for audit and other financial management reasons, i.e. to measure performance, reporting, tax claims or submissions, in line with statutory retention periods.

We are also obliged to capture and share information relating to the people we pay with other government bodies or agencies for statistical, transparency, tax and to detect and prevention of crime.

The Council may also use this information to contact you about important changes to the services it provides or to validate that the information we hold on file about you is correct.

We are also required to process your data in accordance with the following, which are subject to regular amends:

  • The Financial Regulations 2007
  • Public Contract Regulations 2015
  • Local Government Finance Act 1992
  • The Localism Act 2011
  • The Local Government Transparency Code

5. Who might we share your personal information with?

  • Internally for verification, payment, reconciliation, audit and to protect public funds.
  • Paygate, who provide our BACS transfer / payment services.
  • Our banking provider (Lloyds Bank).
  • Support Revolution, the supplier contracted to support and maintain our Financial Management System.
  • HMRC for the purpose of VAT reconciliation, CIS Tax or IR35 requirements.
  • The Cabinet Office as part of the National fraud Initiative - fraud prevention, detection and data matching purposes.
  • The Police for other enforcement agencies or bodies who inspect and manage public funds.
  • Contracted Recovery Audit agents (suppliers only) for the purpose of identifying and recovering duplicate payments, unallocated cash or other risks on our behalf.
  • Oxygen Finance (suppliers only) for the management of our Early Payment Programme and associated administration, ie changes to payment terms, issuance of debit notes, communications, performance metrics etc.

We will never sell your personal data on to third parties. We will not pass on your personal data to unrelated third parties unless we are allowed or required to do so by law (i.e. where there is a legitimate reason).

Any information shared with third parties is subject to strict information sharing protocols and would be done in accordance with Council security and GDPR requirements.

6. How long will we keep your personal information?

Our accounting systems will retain payment information for audit purposes. Other personal information is retained for 6 years plus the current financial year, after which time records will be purged or redacted, as required.

7. What is our legal basis for using your personal information?

When you provide personal information to South Tyneside Council for the purposes of receiving payment from us, you do so on a voluntary basis.

The law states that we must retain financial information (and information relating to the individuals and / or suppliers to which it relates), for a minimum of 6 years plus the current financial year, which can be longer for complex contacts (up to 25 years).

8. How do we keep your personal information secure?

Your information will be held by South Tyneside Council in an electronic, computerised, format.

All electronic information is held on secure servers managed by the Council. 

South Tyneside Council has security procedures and an Information Security Policy to ensure that data is handled appropriately and protected from accidental loss or misuse. The Council seeks to comply and align its policies with all parts of the Information Security Standards ISO 27001.  Access to information is only permitted where there is a legitimate reason.

9. Is your personal information used overseas?

The information we currently hold is stored within UK data centres. 

We will not process your personal information outside of the European Economic Area (EEA).

10. What are your rights?

Your individual rights are set out in law. Subject to some legal exemptions, you have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights in relating to automated decision making and profiling

11. Contact us

If you would like to exercise your rights in relation to your personal information, or you feel that something has gone wrong with your personal information, you can contact us in either of the following ways:

By email: data.protection@southtyneside.gov.uk

By telephone: 0191 424 6539

In writing: South Tyneside Council, Information Governance, Town Hall and Civic Offices, South Shields, NE33 2RL

If you feel that the Council has not handled your information correctly you can contact the Information Commissioner's Office (ICO).  The ICO is the Government's Independent Body responsible for overseeing data protection.  In most cases the ICO will only review cases that have exhausted the Council's internal procedures.

The ICO's contact details are as follows: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. More information can be found on the ICO's website at www.ico.org.uk.